TABLE OF CONTENTS
Vulnerabilities by HostExpand All | Collapse All
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 22:19:50 2023 |
| End time: |
Wed Oct 25 22:57:14 2023 |
|
|
| DNS Name: |
173-12-226-89-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.89 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.89 resolves as 173-12-226-89-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 50.606 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:20 CDT
Scan duration : 2234 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.89 :
192.168.100.162
192.168.100.1
173.12.226.89
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 22:21:43 2023 |
| End time: |
Wed Oct 25 22:59:07 2023 |
|
|
| DNS Name: |
173-12-226-90-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.90 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.90 resolves as 173-12-226-90-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.326 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:21 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.90 :
192.168.100.162
192.168.100.1
173.12.226.90
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 22:57:14 2023 |
| End time: |
Wed Oct 25 23:34:38 2023 |
|
|
| DNS Name: |
173-12-226-91-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.91 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.91 resolves as 173-12-226-91-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.722 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:57 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.91 :
192.168.100.162
192.168.100.1
173.12.226.91
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 22:59:07 2023 |
| End time: |
Wed Oct 25 23:36:39 2023 |
|
|
| DNS Name: |
173-12-226-92-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.92 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.92 resolves as 173-12-226-92-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.518 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 22:59 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.92 :
192.168.100.162
192.168.100.1
173.12.226.92
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 23:34:38 2023 |
| End time: |
Thu Oct 26 00:12:02 2023 |
|
|
| DNS Name: |
173-12-226-93-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.93 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.93 resolves as 173-12-226-93-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.359 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 23:34 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.93 :
192.168.100.162
192.168.100.1
173.12.226.93
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
10 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 23:36:39 2023 |
| End time: |
Thu Oct 26 00:14:38 2023 |
|
|
| DNS Name: |
173-12-226-94-memphis.hfc.comcastbusiness.net |
| IP: |
173.12.226.94 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.12.226.94 resolves as 173-12-226-94-memphis.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 62.859 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 23:36 CDT
Scan duration : 2270 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.12.226.94 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.240.102
68.86.240.206
96.110.133.106
173.12.226.94
Hop Count: 9
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 00:12:02 2023 |
| End time: |
Thu Oct 26 00:49:33 2023 |
|
|
| DNS Name: |
173-14-192-65-BusName-tupelo.hfc.comcastbusiness.net |
| IP: |
173.14.192.65 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.14.192.65 resolves as 173-14-192-65-BusName-tupelo.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.942 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:12 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.14.192.65 :
192.168.100.162
192.168.100.1
173.14.192.65
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
10 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 00:14:38 2023 |
| End time: |
Thu Oct 26 00:52:30 2023 |
|
|
| DNS Name: |
173-14-192-66-BusName-tupelo.hfc.comcastbusiness.net |
| IP: |
173.14.192.66 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
173.14.192.66 resolves as 173-14-192-66-BusName-tupelo.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 69.516 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:14 CDT
Scan duration : 2262 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 173.14.192.66 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.85.203.10
96.108.30.22
96.108.88.166
173.14.192.66
Hop Count: 9
|
|
|
|
|
0 |
1 |
1 |
0 |
10 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 00:49:33 2023 |
| End time: |
Thu Oct 26 01:05:48 2023 |
|
|
| DNS Name: |
net-216-37-68-97.in-addr.worldspice.net |
| IP: |
216.37.68.97 |
| OS: |
Linux Kernel 2.6 |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:linux:linux_kernel -> Linux Kernel
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 65
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.97 resolves as net-216-37-68-97.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 64.797 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:49 CDT
Scan duration : 974 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP
The remote host is running Linux Kernel 2.6
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.97 :
192.168.100.162
192.168.100.1
216.37.68.97
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
28 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 00:52:30 2023 |
| End time: |
Thu Oct 26 01:29:44 2023 |
|
|
| DNS Name: |
net-216-37-68-98.in-addr.worldspice.net |
| IP: |
216.37.68.98 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/443/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : O=Fortinet Ltd./CN=FortiGate
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : firewall
Confidence level : 100
17367 - Fortinet FortiGate Web Console Management Detection
-
A firewall management console is running on the remote host.
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
Filter incoming traffic to this port.
Published: 2005/03/18, Modified: 2023/07/18
tcp/443/www
The following instance of FortiOS Web Interface was detected on the remote host :
Version : >= 5.4
URL : https://net-216-37-68-98.in-addr.worldspice.net/
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.98 resolves as net-216-37-68-98.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Encoding: gzip
Content-Type: text/html
ETag: 3d9d521f61a853f8ef09c629fd5d0485
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 06:12:05 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Response Body :
.‹.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1723/pptp
Port 1723/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.240 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 0:52 CDT
Scan duration : 2225 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML
The remote host is running FortiOS on Fortinet FortiGate
A VPN server is listening on the remote port.
The remote host is running a PPTP (Point-to-Point Tunneling Protocol) server. It allows users to set up a tunnel between their host and the network the remote host is attached to.
Make sure use of this software is in agreement with your organization's security policy.
Published: 2001/02/28, Modified: 2020/09/22
tcp/1723/pptp
It was possible to extract the following information from the remote PPTP server :
Firmware Version : 1
Vendor Name : Fortinet pptp
Host name : fortinet-pptp
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
+ On the following port(s) :
- 443 (15 hops away)
- 1723 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
net-216-37-68-98.in-addr.worldspice.net
The Common Name in the certificate is :
fortigate
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Issuer Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Serial Number: 26 27 A5 C3 2A 13 DC CE
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CF 53 4F A6 DF 62 53 67 31 C7 B8 39 F3 3C C5 9A 07 D1 EC
23 56 00 17 3E 9C 6C 7B BD 98 1C 1E 4C 96 E8 BD F9 B6 52 59
64 C0 15 E7 4C 6D E7 28 E5 2D 23 68 B8 7F D8 C1 55 11 1D E0
33 AD 71 FB BB 5D 7D 5E C6 D6 44 B3 94 99 17 53 89 61 B8 ED
01 21 FA C8 43 24 46 CC FB 84 3D 88 FB 4C 42 39 DF 6A 28 B5
B5 38 A5 52 8E 11 2D A7 9B 8C 77 DB 8B 5E 17 08 6D 90 59 05
EE 2A 4E 19 AC 16 51 F3 3B 76 27 43 E6 71 1F A2 B5 DB DF 5F
14 31 A0 67 C6 06 D4 00 93 1F C3 0C F8 23 B3 42 5E 1A D7 26
36 2A 81 83 C1 9D 87 B1 DF 1A A9 84 B5 B1 D9 D3 B0 88 7B 10
70 61 92 02 BF 68 15 C1 02 8B 95 56 3F 53 8C 68 66 AC 54 4B
83 70 32 9A AC B2 34 E7 09 C3 0E B0 C8 DD 21 13 15 C1 70 AC
97 87 CB 27 E8 F5 6E 2C 6B C4 91 D6 FA 4A F1 D8 14 A6 10 73
7D C6 A9 A4 60 A1 BE C5 7C 05 F1 C9 F2 81 8B 4A FD
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 AF D1 9C 0D 11 FE B7 B0 EE 08 F5 EC 46 B0 B2 5F 01 69 86
9F 41 5B F7 11 34 C0 B4 82 09 85 00 B6 8C 0F 6B D8 46 8A A7
9E 35 F6 34 F2 0A 7C D6 E3 45 66 95 6A 38 DA 02 41 0E 7A 09
D7 12 91 5B 1F 88 F1 BF 1C 5C 0B EA 3B D1 FE 37 34 30 C5 6E
10 8A A8 42 EA E8 DA C0 92 DC 04 E7 CE 38 A1 89 FE 5C 6C AC
94 62 21 AD 90 3B 34 55 8D F5 28 C7 17 EE 59 C9 D4 1D 8A 0A
24 26 98 A1 A3 D1 62 C2 15 95 B6 69 B4 FD D1 CB BC 40 64 89
D4 9B 3D A0 D7 EA AC 76 D6 21 3A 40 83 6A 8A 47 F5 24 F1 04
BB B0 EF 4B E0 9F 87 E0 AA B0 CF DD 33 CF 2A 9F E1 04 12 FD
CC 2A 8B 9C 93 88 13 65 F1 C3 C6 36 E3 D9 BF 3A B6 70 61 4D
E0 19 13 5D E7 0D EB CE 4F E6 F0 CA 89 40 66 B6 B5 C7 88 3A
80 40 60 41 D0 1A B0 21 71 3E 50 7F 0D 3E 58 B4 87 C8 5B 71
26 B7 81 2C 5F 2E 39 34 2C 1F 39 58 D1 7D E2 43 49
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Fingerprints :
SHA-256 Fingerprint: 90 F3 BC 37 37 55 AA 0A F8 89 FE C3 29 BD 4C 46 7C 11 93 A8
6B 3A C1 AF B4 28 58 BC F8 47 BA 23
SHA-1 Fingerprint: A6 20 38 B0 B8 48 F8 23 2F 7A 63 65 93 A1 7F 49 5E 9B 79 E9
MD5 Fingerprint: 02 6C C4 90 F5 95 C5 26 CD 63 59 84 27 58 61 80
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIIJielwyoT3M4wDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIwMDgxNjE1MzQxOVoXDTMwMDgxNzE1MzQxOVowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1NPpt9iU2cxx7g58zzFmgfR7CNWABc+nGx7vZgcHkyW6L35tlJZZMAV50xt5yjlLSNouH/YwVURHeAzrXH7u119XsbWRLOUmRdTiWG47QEh+shDJEbM+4Q9iPtMQjnfaii1tTilUo4RLaebjHfbi14XCG2QWQXuKk4ZrBZR8zt2J0PmcR+itdvfXxQxoGfGBtQAkx/DDPgjs0JeGtcmNiqBg8Gdh7HfGqmEtbHZ07CIexBwYZICv2gVwQKLlVY/U4xoZqxUS4NwMpqssjTnCcMOsMjdIRMVwXCsl4fLJ+j1bixrxJHW+krx2BSmEHN9xqmkYKG+xXwF8cnygYtK/QIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv0ZwNEf63sO4I9exGsLJfAWmGn0Fb9xE0wLSCCYUAtowPa9hGiqeeNfY08gp81uNFZpVqONoCQQ56CdcSkVsfiPG/HFwL6jvR/jc0MMVuEIqoQuro2sCS3ATnzjihif5cbKyUYiGtkDs0VY31KMcX7lnJ1B2KCiQmmKGj0WLCFZW2abT90cu8QGSJ1Js9oNfqrHbWITpAg2qKR/Uk8QS7sO9L4J+H4Kqwz90zzyqf4QQS/cwqi5yTiBNl8cPGNuPZvzq2cGFN4BkTXecN685P5vDKiUBmtrXHiDqAQGBB0BqwIXE+UH8NPli0h8hbcSa3gSxfLjk0LB85WNF94kNJ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.98 :
192.168.100.162
192.168.100.1
216.37.68.98
Hop Count: 2
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 06:14:29 GMT
Comment :
Secure : 1
Httponly : 0
Port :
|
|
|
|
|
0 |
1 |
3 |
0 |
33 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 01:05:48 2023 |
| End time: |
Thu Oct 26 01:52:56 2023 |
|
|
| DNS Name: |
net-216-37-68-99.in-addr.worldspice.net |
| IP: |
216.37.68.99 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
88098 - Apache Server ETag Header Information Disclosure
-
The remote web server is affected by an information disclosure vulnerability.
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
Published: 2016/01/22, Modified: 2020/04/27
tcp/80/www
Nessus was able to determine that the Apache Server listening on
port 80 leaks the servers inode numbers in the ETag HTTP
Header field :
Source : ETag: "422be-d39-5d5e1b6df5200"
Inode number : 271038
File size : 3385 bytes
File modification time : Jan. 18, 2022 at 21:11:36 GMT
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/80/www
URL : http://net-216-37-68-99.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/443/www
URL : https://net-216-37-68-99.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
Following application CPE matched on the remote system :
cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/443/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Apache
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
Apache
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.99 resolves as net-216-37-68-99.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 403 Forbidden
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 06:27:43 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 21:11:36 GMT
ETag: "422be-d39-5d5e1b6df5200"
Accept-Ranges: bytes
Content-Length: 3385
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html
Response Body :
<html>
<head>
<title>Error 403</title>
<style>
body {
background-color: #73767c;
font-family: Times, serif;
font-size: 18px;
}
.container {
width: 640px;
margin: auto;
padding: 0 10px 20px;
background: #fff;
text-align: center;
overflow: hidden;
border-radius: 5px;
box-shadow: 0px 10px 15px #59595b;
}
div.reylogo {
width: 200px;
height: 200px;
margin: 0px auto;
background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAABGdBTUEAAOD8YVAtlgAAAu1pQ0NQSUNDIFByb2ZpbGUAADjLY2BgnuDo4uTKJMDAUFBUUuQe5BgZERmlwH6egY2BmQEMEpOLCxwDAnxA7Lz8vFQGVMDIwPDtGohkYLisCzKLgTTAmgy0GEgfAGKjlNTiZCD9BYjTy0sKgOKMMUC2SFI2mF0AYmeHBDkD2S0MDEw8JakVIL0MzvkFlUWZ6RklCoaWlpYKjin5SakKwZXFJam5xQqeecn5RQX5RYklqSlAtVA7QIDXJb9EwT0xM0/ByECVgcoAFI4QFiJ8EGIIkFxaVAYPSgYGAQYFBgMGB4YAhkSGeoYFDEcZ3jCKM7owljKuYLzHJMYUxDSB6QKzMHMk80LmNyyWLB0st1j1WFtZ77FZsk1j+8Yezr6bQ4mji+MLZyLnBS5Hri3cmtwLeKR4pvIK8U7iE+abxi/Dv1hAR2CHoKvgFaFUoR/CvSIqIntFw0W/iE0SNxK/IlEhKSd5TCpfWlr6hEyZrLrsLbk+eRf5PwpbFQuV9JTeKq9VKVA1Uf2pdlC9SyNUU0nzg9YB7Uk6qbpWeoJ6r/SPGCwwrDWKMbY1kTdlNn1pdsF8p8USywlWdda5NnG2gXau9tYOxo46TmrOSi4KrvJuCu7KHuqeul4m3jY+7r7Bfgn++QH1gRODlgbvCrkY+jKcKUIu0ioqIroiZmbsnrgHCWyJuklhyQ0pa1JvpnNkWGRmZs3NvpjLnmefX1GwqfBdsXZJVumqsjcV+pUlVbtqGGu96qbWP2zUa6ppPtsq11bYfrRTuquo+3Sval9j/92JNpNmT/47NX7a4RkaM/tnfZ+TMPf0fPMFSxeJLG5d8m1Z5vJ7K0NWnV7jsnbfessN2zaZbN6y1WTb9h1WO/fvdt1zdl/Y/gcHcw79PNJ+TPz4ipPWp86dST776/yki9qXjl5JvPrv+pybNrfu3qm/p3z/xMO8x2JP9j/LfCHy8uDr/Lfy7y58aPpk+vnV1wXfw38K/Dr1p/Wf4///AA0ADzTvzc3MAAAABlBMVEUATnsAAAD+mnh6AAAAAnRSTlP/AOW3MEoAAAAJcEhZcwAALiIAAC4iAari3ZIAAALeSURBVHhe7dXRcuIwEETR8P8/vZK53mygKIi3NWqp+rwEjDOeW0GVr9smEuImIW4S4iYhbhLiJiFuEuImIW4S4iYhbhLiJiGvfIkx9q1+I79i6r7nW+0+fsEVi77z8Z/uQzxdiMHvqEOmnpEtJMRNQn6HkyvAwCc1ISwhwchH7To3rILFH/Xr3LGI+95PXl0XYwkBBj4pChkvIW4Scg0nVoGJp9oQdtBgJtpbri+HAuwUUokdJBiJ4pBxEuImIddxViUY2dSHsIIIQ48QLq2JjL1CirGBCENnhAySEDcJ+Q+cUw1mzghhA5VzqnxwtQ1DqrGAyjmVn6VYQYGJk0JGSIibCSF8uzWYOSOEDVSY2kO4sqoNQ4rxfBWm5rDbSYib8hC+2xKMPBSHsIEKU7v2motLoqLZKaQSz1dhalccoi1h5qE6ZJiEuEnIb3E+RRj6j3aJz9bC+t92CinB82UY+60qpOKM7CEhbhLyHudShamvtM+50R0Lv7JTyCA8X4axr4wLGf4v8KeBIbUS4iYhn+O0ijD0Sf+AWxZx3/tJu84Nq2DxRy//VDI8X4axj8aHFJ6RLSTETUIu4LiKMPRUF8LzZRh7au/5YDkUoL/lg8Xc9//r8f1IbCDC0FNlyFAJcZOQazioIgw91IawgApTD+0NV1dERNdfc3VB94bDjz/PcDxfhamH2pCBEuImIRdxTEUY2hWHsIAMY5v2kmtLoqLZKaQSz1dhalccMk5C3CTkKo6pBjO76hA2UGFq015ybUlUNDuFlGIBFaY21SHDJMRNQi7jmGowsykPYQMVph4hXFoTGXuF1GIBFaZOCJGWMLKrDxkkIW5mhPAF12DmjBA2UDmnygeX2y+kGs9XOafysxIbaDBzSsgQCXEzL4TvuMIx7hhajxVUjhBeL22vkClYQGVeiLakz7uPXV9C3CTETULcJMRNQtwkxE1C3CTETULcJMRNQtwkxMvt9gdiX3KCo5HNSAAAAABJRU5ErkJggg==);
}
div.errcode {
font-size: 4em;
font-weight: 900;
}
div.errdesc {
margin-bottom: 0.5em;
font-size: 2em;
font-weight: 700;
}
div.details {
font-size: 18px;
}
</style>
</head>
<body >
<div class="container">
<div class="reylogo"></div>
<div class="errcode">403</div>
<div class="errdesc">Forbidden</div>
<div class="details">
You do not have permission to access this resource.<br/>
Contact <a href="https://www.reyrey.com/support/">Reynolds and Reynolds Support</a> for assistance.
</div>
</div>
</body>
</html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 06:27:44 GMT
Server: Apache
Content-Length: 3781
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html
Response Body :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/shtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reynolds Integrated Telephone System</title>
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconmain.css&Type=text/css" />
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconcontent.css&Type=text/css" />
<link rel="stylesheet" type="text/css" href="/pbxadcon?File=pbxadconcontentlayout.css&Type=text/css" />
<script type="text/javascript" src="/pbxadcon?File=pbxadconinterface.js&Type=text/javascript"></script>
</head>
<body>
<form id="RitsIfForm" action="" method="post">
<input type="hidden" id="PageId" name="PageId" value="Login" />
<input type="hidden" id="PbxAdConAction" name="PbxAdConAction" value="LOGON" />
<!-- Title Bar - Image/RITS Logo -->
<div class="RitsTitleBarFullPage">
<div class="RitsTitleBarHeader">
<img src="/pbxadcon?File=phone.jpg&Type=image/JPEG" alt="" style="object-fit: cover;" width="100%" height="100%"/>
<div class="RitsTitleBarText">
<label class="front">Reynolds Integrated Telephone System</label>
</div>
</div>
</div>
<table width="100%">
<tr>
<td align="center">
<div class="ContentDiv">
<div class="BlueGradientBG" style="width:600px">
<div class="PageContent">
<div class="PageTitle">Log On</div>
<table class="PageTable">
<tr>
<td class="TableLabel">
Username:
</td>
<td class="TableData">
<input id="AdConUser" name="AdConUser" size="20" maxlength="20"/>
<script type="text/javascript" language="javascript">SetLoginFocus();</script>
</td>
</tr>
<tr>
<td class="TableLabel">
Password:
</td>
<td class="TableData">
<input type="password" id="AdConPass" name="AdConPass" />
</td>
</tr>
<tr>
<td colspan="2" class="DisplayButtons">
<input type="submit" value=" Log On " />
</td>
</tr>
</table>
</div>
</div>
</div>
</td>
</tr>
<tr align="center">
<td>
<br />
<span id="MsgBox"></span>
<div class="disclaimer">
This software is a valuable proprietary trade secret which is the property of The Reynolds and Reynolds Company, <span class="italics">original copyright 2010 to present</span>.<br /><br />
A condition of the license of this software is that the licensed user and all of the licensed user's employees (collectively, the "End User") shall maintain this software and all of its functions in confidence from all outside third parties.<br /><br />
Any access to this software by electronic means or otherwise by anyone who is not a dealership employee constitutes a breach of the license agreement. By signing on to the system, End User acknowledges compliance with this agreement.
</div>
</td>
</tr>
</table>
</form>
</body>
</html>
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 43.540 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:05 CDT
Scan duration : 2818 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
net-216-37-68-99.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/443/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/443/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.99 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.121
96.110.34.106
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.99
Hop Count: 16
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/443/www
The following string will be used :
TYPE="password"
|
|
|
|
|
0 |
1 |
1 |
0 |
8 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 01:29:44 2023 |
| End time: |
Thu Oct 26 02:06:43 2023 |
|
|
| IP: |
216.37.68.100 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.626 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:29 CDT
Scan duration : 2205 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.100 :
192.168.100.162
192.168.100.1
216.37.68.100
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 01:52:56 2023 |
| End time: |
Thu Oct 26 02:30:20 2023 |
|
|
| DNS Name: |
net-216-37-68-101.in-addr.worldspice.net |
| IP: |
216.37.68.101 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.101 resolves as net-216-37-68-101.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.411 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 1:53 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.101 :
192.168.100.162
192.168.100.1
216.37.68.101
Hop Count: 2
|
|
|
|
|
0 |
4 |
8 |
1 |
65 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 02:06:43 2023 |
| End time: |
Thu Oct 26 03:48:47 2023 |
|
|
| DNS Name: |
net-216-37-68-102.in-addr.worldspice.net |
| IP: |
216.37.68.102 |
| OS: |
Microsoft Windows 10 |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
77026 - Microsoft Exchange Client Access Server Information Disclosure
-
The remote mail server is affected by an information disclosure vulnerability.
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.
An attacker can send a crafted GET request to the Web Server with an empty host header that would expose internal IP Addresses of the underlying system in the header response.
Only attack two (Reverse Proxy / Gateway) is fixed in current versions. Apply the latest supplied vendor patches.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.2 (CVSS2#E:U/RL:U/RC:ND)
Published: 2014/08/06, Modified: 2022/09/20
tcp/443/www
Nessus was able to verify the issue with the following request :
GET /autodiscover/autodiscover.xml HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Which returned the following IP address :
10.2.1.135
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/110/pop3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
The remote web server is not enforcing HSTS, as defined by RFC 6797.
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 2020/11/17, Modified: 2023/06/08
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/8010/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/8010/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/110/pop3
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/443/www
TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/110/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
10759 - Web Server HTTP Header Internal IP Disclosure
-
This web server leaks a private IP address through its HTTP headers.
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.
There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.
Apply configuration suggested by vendor.
3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
2.8 (CVSS:3.0/E:P/RL:O/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.0 (CVSS2#E:POC/RL:OF/RC:C)
Published: 2001/09/14, Modified: 2022/12/30
tcp/443/www
Nessus was able to exploit the issue using the following request :
GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
Cache-Control: no-cache
Pragma: no-cache
Location: https://10.2.1.135/owa/
Server: Microsoft-IIS/10.0
X-FEServer: EXCH2016
X-RequestId: 0497209e-f411-4251-bda3-d38fc238e895
Date: Thu, 26 Oct 2023 07:44:28 GMT
Connection: close
Content-Length: 0
[...]
------------------------------ snip ------------------------------
46180 - Additional DNS Hostnames
-
Nessus has detected potential virtual hosts.
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Published: 2010/04/29, Modified: 2022/08/15
tcp/0
The following hostnames point to the remote host :
- autodiscover.infinitiofmemphis.com
- webmail.gossettmotors.com
- autodiscover.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_10 -> Microsoft Windows 10 64-bit
Following application CPE's matched on the remote system :
cpe:/a:microsoft:exchange_server -> Microsoft Exchange Server
cpe:/a:microsoft:exchange_server:15.1.2507 -> Microsoft Exchange Server
cpe:/a:microsoft:iis:10.0 -> Microsoft IIS
cpe:/a:microsoft:outlook_web_access:15.1.2507 -> Microsoft outlook_web_access
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 75
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/443/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Microsoft-IIS/10.0
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
Microsoft-IIS/10.0
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.102 resolves as net-216-37-68-102.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 403 Forbidden
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Server: Microsoft-IIS/10.0
Date: Thu, 26 Oct 2023 07:57:14 GMT
Content-Length: 0
Response Body :
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 302 Moved Temporarily
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Cache-Control: no-cache
Pragma: no-cache
Location: https://net-216-37-68-102.in-addr.worldspice.net/owa/
Server: Microsoft-IIS/10.0
X-FEServer: EXCH2016
X-RequestId: bdcaf1a2-1013-4fd7-9085-fbf69253e3a4
Date: Thu, 26 Oct 2023 07:57:14 GMT
Connection: close
Content-Length: 0
Response Body :
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8010/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-102.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>
108804 - Microsoft Exchange Server Detection (Uncredentialed)
-
The remote host is running an Exchange Server.
One or more Microsoft Exchange servers are listening on the remote host.
Published: 2018/04/03, Modified: 2023/10/16
tcp/110/pop3
Path :
Version : unknown
Source : POP3
108804 - Microsoft Exchange Server Detection (Uncredentialed)
-
The remote host is running an Exchange Server.
One or more Microsoft Exchange servers are listening on the remote host.
Published: 2018/04/03, Modified: 2023/10/16
tcp/443/www
Path : /owa/auth/logon.aspx
Version : 15.1.2507
Source : HTTP/HTTPS
major : 15
minor : 1
patch : 2507
14255 - Microsoft Outlook Web Access (OWA) Version Detection
-
It is possible to extract the version of Microsoft Exchange Server installed on the remote host.
Microsoft Exchange Server with Outlook Web Access (OWA) embeds the Exchange version number inside the default HTML web page. By requesting the default HTML page, Nessus was able to extract the Microsoft Exchange server version.
Published: 2004/08/11, Modified: 2023/05/24
tcp/443/www
URL : https://net-216-37-68-102.in-addr.worldspice.net/owa/auth/logon.aspx
Version : 15.1.2507
CU : 23
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/110/pop3
Port 110/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8010/www
Port 8010/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.145 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 2:06 CDT
Scan duration : 6115 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Microsoft Windows 10
Confidence level : 75
Method : HTTP
The remote host is running Microsoft Windows 10
10185 - POP Server Detection
-
A POP server is listening on the remote port.
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
Disable this service if you do not use it.
Published: 1999/10/12, Modified: 2019/11/22
tcp/110/pop3
Remote POP server banner :
+OK The Microsoft Exchange POP3 service is ready.
42087 - POP3 Service STLS Command Support
-
The remote mail service supports encrypting traffic.
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel.
Published: 2009/10/09, Modified: 2021/02/24
tcp/110/pop3
Here is the POP3 server's SSL certificate that Nessus was able to
collect after sending a 'STLS' command :
------------------------------ snip ------------------------------
Subject Name:
Common Name: mail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 57 84 E9 48 F2 E6 A5 79
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04
------------------------------ snip ------------------------------
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 8010 (15 hops away)
- 80 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
+ On the following port(s) :
- 110 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/110/pop3
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/8010/www
This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/110/pop3
Subject Name:
Common Name: mail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 57 84 E9 48 F2 E6 A5 79
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04
Fingerprints :
SHA-256 Fingerprint: 22 BF AE 09 29 35 13 A8 CD 9C 6A FA BC 82 9D B1 E8 95 AE F8
22 3F 31 3D B2 0F 39 BD F1 27 30 95
SHA-1 Fingerprint: 4E 55 90 67 AD B9 4A 8C E9 D6 81 DB 1B B6 EE 6F FE DB A6 EC
MD5 Fingerprint: 3A 15 22 B5 C4 E7 0A 7F C8 73 64 18 65 6F AF 5E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIHLDCCBhSgAwIBAgIIV4TpSPLmpXkwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwODA3MTIyNDQ3WhcNMjQwOTA3MTIyNDQ3WjAhMR8wHQYDVQQDExZtYWlsLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3xMgSecVduCl7pTZ+A8VSRALbrBFasxHoErv48BHsNpvrJuBD+o3/MlmMegOKmByhlf5vnTj9Vt9LKfOaFMHoNw0opgB1J3kf2V0d1SO5ggz3i4jRbudXwX2mIKkzjluxtbKR5I8FCjQKF1Qio/qM0468UVvbsSeRV+5OKIXCGM+TM4/wOkMTBL+Sb1mJKlgFoEI6GuXsEj6Lyz2aFwypZjkGU9CsdfrhtS30k3VykacJCcXDqR+y4TMDt8GcWd06Zs/CA9lE1GOF6s4QfagMh01stkGLWEaTY3gpgWYz1ExaK4HjdZtj3Gzo2ttKHIbISy0sA3vK/F+qkeNUkkCwIDAQABo4ID0jCCA84wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS04MDExLmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMIG6BgNVHREEgbIwga+CFm1haWwuZ29zc2V0dG1vdG9ycy5jb22CGnd3dy5tYWlsLmdvc3NldHRtb3RvcnMuY29tgiJhdXRvZGlzY292ZXIuaW5maW5pdGlvZm1lbXBoaXMuY29tghptYWlsLmluZmluaXRpb2ZtZW1waGlzLmNvbYIZd2VibWFpbC5nb3NzZXR0bW90b3JzLmNvbYIeYXV0b2Rpc2NvdmVyLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBR+ccDrX9UTlzuYJbWXvT5prPMqbzCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGJz/VWwwAABAMARzBFAiEAsNS1MRUk3GfGbXlHmrxm/cmISDZPsbKvaAYRYDludQgCIHycNOmuJhI+vfan3/yE+o0taLX3N2qdz3jmJ92lPCz8AHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGJz/VX9wAABAMASDBGAiEA8BU5t8iWs0cPatjuhSS33ZNxKsIvOeTOYmeYfIchRS4CIQDnvJJqEYxk6P0zpwsc07nCPZzcb3plkNfYWTJcBYpFuAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABic/1WKIAAAQDAEcwRQIhAKjWv+IA3JebZguLoWLXYoBjuk7RqE89LRI2rzANNDYbAiBqvWIQ9heCfu1wsIFS82PrCBT794ngXLzzufE/QoRRBDANBgkqhkiG9w0BAQsFAAOCAQEAP5JtiNaWw7rToJPVSnAN9KJ/XEIRqYrhbem1BhCLz3U6I5b9INCaaJ7ZI1P8DzfWJF2Bv8/rek2u5kN0GBaJTLJYNbE1S4L1sKgCePP6mqs2j51RI0f1vCyDUopXonTSe4HPwH3W+yivDS0XM+uTQLx1BnH4nxFbBBaxTTLhTFx10jUB8+1luGKgE59oapg3h9d7AidKYbvqvetE+JViAp73XMdjBsfcb2x7DUnPlJNiLqb7iS9IvlcAoNGduKxOXb/5+Rv0zekceUr1/pFJR3UHDt2xSItmBo3pEjMnu0EO+yfwqifz/vp29K7ADF9PjIV2Csmctvi5P7wqZRAkAg==
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: mail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 57 84 E9 48 F2 E6 A5 79
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 07 12:24:47 2023 GMT
Not Valid After: Sep 07 12:24:47 2024 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 97 7C 4C 81 27 9C 55 DB 82 97 BA 53 67 E0 3C 55 24 40 2D
BA C1 15 AB 31 1E 81 2B BF 8F 01 1E C3 69 BE B2 6E 04 3F A8
DF F3 25 98 C7 A0 38 A9 81 CA 19 5F E6 F9 D3 8F D5 6D F4 B2
9F 39 A1 4C 1E 83 70 D2 8A 60 07 52 77 91 FD 95 D1 DD 52 3B
98 20 CF 78 B8 8D 16 EE 75 7C 17 DA 62 0A 93 38 E5 BB 1B 5B
29 1E 48 F0 50 A3 40 A1 75 42 2A 3F A8 CD 38 EB C5 15 BD BB
12 79 15 7E E4 E2 88 5C 21 8C F9 33 38 FF 03 A4 31 30 4B F9
26 F5 98 92 A5 80 5A 04 23 A1 AE 5E C1 23 E8 BC B3 D9 A1 70
CA 96 63 90 65 3D 0A C7 5F AE 1B 52 DF 49 37 57 29 1A 70 90
9C 5C 3A 91 FB 2E 13 30 3B 7C 19 C5 9D D3 A6 6C FC 20 3D 94
4D 46 38 5E AC E1 07 DA 80 C8 74 D6 CB 64 18 B5 84 69 36 37
82 98 16 63 3D 44 C5 A2 B8 1E 37 59 B6 3D C6 CE 8D AD B4 A1
C8 6C 84 B2 D2 C0 37 BC AF C5 FA A9 1E 35 49 24 0B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 3F 92 6D 88 D6 96 C3 BA D3 A0 93 D5 4A 70 0D F4 A2 7F 5C
42 11 A9 8A E1 6D E9 B5 06 10 8B CF 75 3A 23 96 FD 20 D0 9A
68 9E D9 23 53 FC 0F 37 D6 24 5D 81 BF CF EB 7A 4D AE E6 43
74 18 16 89 4C B2 58 35 B1 35 4B 82 F5 B0 A8 02 78 F3 FA 9A
AB 36 8F 9D 51 23 47 F5 BC 2C 83 52 8A 57 A2 74 D2 7B 81 CF
C0 7D D6 FB 28 AF 0D 2D 17 33 EB 93 40 BC 75 06 71 F8 9F 11
5B 04 16 B1 4D 32 E1 4C 5C 75 D2 35 01 F3 ED 65 B8 62 A0 13
9F 68 6A 98 37 87 D7 7B 02 27 4A 61 BB EA BD EB 44 F8 95 62
02 9E F7 5C C7 63 06 C7 DC 6F 6C 7B 0D 49 CF 94 93 62 2E A6
FB 89 2F 48 BE 57 00 A0 D1 9D B8 AC 4E 5D BF F9 F9 1B F4 CD
E9 1C 79 4A F5 FE 91 49 47 75 07 0E DD B1 48 8B 66 06 8D E9
12 33 27 BB 41 0E FB 27 F0 AA 27 F3 FE FA 76 F4 AE C0 0C 5F
4F 8C 85 76 0A C9 9C B6 F8 B9 3F BC 2A 65 10 24 02
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-8011.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: mail.gossettmotors.com
DNS: www.mail.gossettmotors.com
DNS: autodiscover.infinitiofmemphis.com
DNS: mail.infinitiofmemphis.com
DNS: webmail.gossettmotors.com
DNS: autodiscover.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 7E 71 C0 EB 5F D5 13 97 3B 98 25 B5 97 BD 3E 69 AC F3 2A 6F
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6B 01 69 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 89 CF F5 56 C3 00 00 04 03 00 47 30 45 02 21 00
B0 D4 B5 31 15 24 DC 67 C6 6D 79 47 9A BC 66 FD C9 88 48 36
4F B1 B2 AF 68 06 11 60 39 6E 75 08 02 20 7C 9C 34 E9 AE 26
12 3E BD F6 A7 DF FC 84 FA 8D 2D 68 B5 F7 37 6A 9D CF 78 E6
27 DD A5 3C 2C FC 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5 6A
02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8 84
73 00 00 01 89 CF F5 57 F7 00 00 04 03 00 48 30 46 02 21 00
F0 15 39 B7 C8 96 B3 47 0F 6A D8 EE 85 24 B7 DD 93 71 2A C2
2F 39 E4 CE 62 67 98 7C 87 21 45 2E 02 21 00 E7 BC 92 6A 11
8C 64 E8 FD 33 A7 0B 1C D3 B9 C2 3D 9C DC 6F 7A 65 90 D7 D8
59 32 5C 05 8A 45 B8 00 76 00 DA B6 BF 6B 3F B5 B6 22 9F 9B
C2 BB 5C 6B E8 70 91 71 6C BB 51 84 85 34 BD A4 3D 30 48 D7
FB AB 00 00 01 89 CF F5 58 A2 00 00 04 03 00 47 30 45 02 21
00 A8 D6 BF E2 00 DC 97 9B 66 0B 8B A1 62 D7 62 80 63 BA 4E
D1 A8 4F 3D 2D 12 36 AF 30 0D 34 36 1B 02 20 6A BD 62 10 F6
17 82 7E ED 70 B0 81 52 F3 63 EB 08 14 FB F7 89 E0 5C BC F3
B9 F1 3F 42 84 51 04
Fingerprints :
SHA-256 Fingerprint: 22 BF AE 09 29 35 13 A8 CD 9C 6A FA BC 82 9D B1 E8 95 AE F8
22 3F 31 3D B2 0F 39 BD F1 27 30 95
SHA-1 Fingerprint: 4E 55 90 67 AD B9 4A 8C E9 D6 81 DB 1B B6 EE 6F FE DB A6 EC
MD5 Fingerprint: 3A 15 22 B5 C4 E7 0A 7F C8 73 64 18 65 6F AF 5E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIHLDCCBhSgAwIBAgIIV4TpSPLmpXkwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwODA3MTIyNDQ3WhcNMjQwOTA3MTIyNDQ3WjAhMR8wHQYDVQQDExZtYWlsLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3xMgSecVduCl7pTZ+A8VSRALbrBFasxHoErv48BHsNpvrJuBD+o3/MlmMegOKmByhlf5vnTj9Vt9LKfOaFMHoNw0opgB1J3kf2V0d1SO5ggz3i4jRbudXwX2mIKkzjluxtbKR5I8FCjQKF1Qio/qM0468UVvbsSeRV+5OKIXCGM+TM4/wOkMTBL+Sb1mJKlgFoEI6GuXsEj6Lyz2aFwypZjkGU9CsdfrhtS30k3VykacJCcXDqR+y4TMDt8GcWd06Zs/CA9lE1GOF6s4QfagMh01stkGLWEaTY3gpgWYz1ExaK4HjdZtj3Gzo2ttKHIbISy0sA3vK/F+qkeNUkkCwIDAQABo4ID0jCCA84wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS04MDExLmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMIG6BgNVHREEgbIwga+CFm1haWwuZ29zc2V0dG1vdG9ycy5jb22CGnd3dy5tYWlsLmdvc3NldHRtb3RvcnMuY29tgiJhdXRvZGlzY292ZXIuaW5maW5pdGlvZm1lbXBoaXMuY29tghptYWlsLmluZmluaXRpb2ZtZW1waGlzLmNvbYIZd2VibWFpbC5nb3NzZXR0bW90b3JzLmNvbYIeYXV0b2Rpc2NvdmVyLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBR+ccDrX9UTlzuYJbWXvT5prPMqbzCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGJz/VWwwAABAMARzBFAiEAsNS1MRUk3GfGbXlHmrxm/cmISDZPsbKvaAYRYDludQgCIHycNOmuJhI+vfan3/yE+o0taLX3N2qdz3jmJ92lPCz8AHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGJz/VX9wAABAMASDBGAiEA8BU5t8iWs0cPatjuhSS33ZNxKsIvOeTOYmeYfIchRS4CIQDnvJJqEYxk6P0zpwsc07nCPZzcb3plkNfYWTJcBYpFuAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABic/1WKIAAAQDAEcwRQIhAKjWv+IA3JebZguLoWLXYoBjuk7RqE89LRI2rzANNDYbAiBqvWIQ9heCfu1wsIFS82PrCBT794ngXLzzufE/QoRRBDANBgkqhkiG9w0BAQsFAAOCAQEAP5JtiNaWw7rToJPVSnAN9KJ/XEIRqYrhbem1BhCLz3U6I5b9INCaaJ7ZI1P8DzfWJF2Bv8/rek2u5kN0GBaJTLJYNbE1S4L1sKgCePP6mqs2j51RI0f1vCyDUopXonTSe4HPwH3W+yivDS0XM+uTQLx1BnH4nxFbBBaxTTLhTFx10jUB8+1luGKgE59oapg3h9d7AidKYbvqvetE+JViAp73XMdjBsfcb2x7DUnPlJNiLqb7iS9IvlcAoNGduKxOXb/5+Rv0zekceUr1/pFJR3UHDt2xSItmBo3pEjMnu0EO+yfwqifz/vp29K7ADF9PjIV2Csmctvi5P7wqZRAkAg==
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/8010/www
Subject Name:
Common Name: net-216-37-68-102.in-addr.worldspice.net
Issuer Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com
Serial Number: 19 FB AF 17 2F A1 B9 FD 01 E3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 4E 88 78 F7 DC AE DD FE C4 15 BE D4 D0 71 56 23 0D 92 BE
3D F6 DB E4 FD 70 64 31 AB C4 69 90 42 31 C7 E2 F3 39 D4 AA
3B 05 01 40 68 C5 4B 71 8B A8 B2 C5 F4 B6 D1 DF DA 4A 22 21
83 17 09 AA D3 6F 6E 61 A5 6B 3C FD B9 27 BD ED 59 79 BA DB
D4 AD BC FC 2E 50 44 00 43 25 EE CE 72 AD 70 BD 5B 91 15 56
96 4B A3 6B B9 27 2A 28 03 3B E6 3A 63 3F EA 4D B1 71 0F B6
B6 43 45 DB 6D E4 09 01 77 94 E8 E3 EA E5 64 42 AA 3B 04 DF
B9 04 6A F8 87 68 E5 5E 70 97 14 17 56 A9 35 DD C7 12 93 CE
27 5F 7F 79 D7 63 65 98 7E 02 5E F1 FF 93 08 1D DD D1 76 E3
51 2B 97 3D A6 36 FD A9 95 3F 6E 74 35 B8 6E 8F E8 85 20 ED
4B 04 97 DC 42 BD 72 BB D0 44 D3 98 43 EF DF B7 E7 BB 17 7C
56 B7 71 1D 29 C4 26 BD 59 8F F1 27 7D 9B 1A 1A 59 84 A4 A1
21 E0 CC 24 52 8F 98 C0 CC 29 2D 3B 82 75 A0 C4 96
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-102.in-addr.worldspice.net
Fingerprints :
SHA-256 Fingerprint: 76 5F 8D 7C 72 7C 56 DF 15 9C FC 6F 56 98 AF 4E 2D 34 96 2F
5C 5C E5 43 BA AF B6 89 C3 D7 65 14
SHA-1 Fingerprint: F9 E7 7E 6C 9D C7 7D CC 31 B2 57 C7 49 A2 92 D2 80 EB 73 45
MD5 Fingerprint: 5A BE F0 79 D4 1E 87 94 2E 4F B0 76 C7 DE 45 46
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKGfuvFy+huf0B4zANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEwMi5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTAyLmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAE6IePfcrt3+xBW+1NBxViMNkr499tvk/XBkMavEaZBCMcfi8znUqjsFAUBoxUtxi6iyxfS20d/aSiIhgxcJqtNvbmGlazz9uSe97Vl5utvUrbz8LlBEAEMl7s5yrXC9W5EVVpZLo2u5JyooAzvmOmM/6k2xcQ+2tkNF223kCQF3lOjj6uVkQqo7BN+5BGr4h2jlXnCXFBdWqTXdxxKTzidff3nXY2WYfgJe8f+TCB3d0XbjUSuXPaY2/amVP250Nbhuj+iFIO1LBJfcQr1yu9BE05hD79+357sXfFa3cR0pxCa9WY/xJ32bGhpZhKShIeDMJFKPmMDMKS07gnWgxJY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/110/pop3
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/443/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/110/pop3
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/8010/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/110/pop3
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/8010/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/110/pop3
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/8010/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/110/pop3
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/8010/www
The following root Certification Authority certificate was found :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/110/pop3
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/8010/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/110/pop3
A POP3 server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8010/www
A TLSv1.2 server answered on this port.
tcp/8010/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
84821 - TLS ALPN Supported Protocol Enumeration
-
The remote host supports the TLS ALPN extension.
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
Published: 2015/07/17, Modified: 2023/07/10
tcp/443/www
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/110/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/110/pop3
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/8010/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.102 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.102
Hop Count: 16
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/443/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
https://net-216-37-68-102.in-addr.worldspice.net/5PBLJHQejRLe.html
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/8010/www
The following string will be used :
TYPE=password
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 02:30:20 2023 |
| End time: |
Thu Oct 26 03:07:44 2023 |
|
|
| DNS Name: |
net-216-37-68-103.in-addr.worldspice.net |
| IP: |
216.37.68.103 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.103 resolves as net-216-37-68-103.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.926 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 2:30 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.103 :
192.168.100.162
192.168.100.1
216.37.68.103
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 03:07:44 2023 |
| End time: |
Thu Oct 26 03:45:08 2023 |
|
|
| DNS Name: |
net-216-37-68-104.in-addr.worldspice.net |
| IP: |
216.37.68.104 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.104 resolves as net-216-37-68-104.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.243 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:07 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.104 :
192.168.100.162
192.168.100.1
216.37.68.104
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 03:45:08 2023 |
| End time: |
Thu Oct 26 04:22:33 2023 |
|
|
| DNS Name: |
net-216-37-68-105.in-addr.worldspice.net |
| IP: |
216.37.68.105 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.105 resolves as net-216-37-68-105.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.332 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:45 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.105 :
192.168.100.162
192.168.100.1
216.37.68.105
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 03:48:47 2023 |
| End time: |
Thu Oct 26 04:26:03 2023 |
|
|
| DNS Name: |
net-216-37-68-106.in-addr.worldspice.net |
| IP: |
216.37.68.106 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.106 resolves as net-216-37-68-106.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.741 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 3:49 CDT
Scan duration : 2223 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.106 :
192.168.100.162
192.168.100.1
216.37.68.106
Hop Count: 2
|
|
|
|
|
0 |
7 |
22 |
0 |
146 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 04:22:33 2023 |
| End time: |
Thu Oct 26 05:25:46 2023 |
|
|
| DNS Name: |
net-216-37-68-107.in-addr.worldspice.net |
| IP: |
216.37.68.107 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/110/pop3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/143/imap
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/465/smtp
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/993/imap
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/995/pop3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
The remote web server is not enforcing HSTS, as defined by RFC 6797.
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 2020/11/17, Modified: 2023/06/08
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/8010/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/110/pop3
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/143/imap
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/443/www
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/465/smtp
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/993/imap
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
The remote service supports the use of the RC4 cipher.
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:ND/RC:C)
Published: 2013/04/05, Modified: 2021/02/03
tcp/995/pop3
List of RC4 cipher suites supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/8010/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/110/pop3
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/143/imap
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/443/www
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/465/smtp
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/993/imap
TLSv1 is enabled and the server supports at least one cipher.
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/995/pop3
TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/110/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/143/imap
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/465/smtp
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/993/imap
TLSv1.1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/995/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
46180 - Additional DNS Hostnames
-
Nessus has detected potential virtual hosts.
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Published: 2010/04/29, Modified: 2022/08/15
tcp/0
The following hostnames point to the remote host :
- fortimail.gossettmotors.com
- mail.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : unknown
Confidence level : 56
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
43111 - HTTP Methods Allowed (per directory)
-
This plugin determines which HTTP methods are allowed on various CGI directories.
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Published: 2009/12/10, Modified: 2022/04/11
tcp/443/www
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD OPTIONS POST are allowed on :
/
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.107 resolves as net-216-37-68-107.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 09:48:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 18 May 2023 00:53:06 GMT
Accept-Ranges: bytes
Content-Length: 50
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'self'; object-src 'none'; frame-ancestors 'self'
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Response Body :
<html>
<script src="./index.js"></script>
</html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8010/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-107.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>
11414 - IMAP Service Banner Retrieval
-
An IMAP server is running on the remote host.
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Published: 2003/03/18, Modified: 2011/03/16
tcp/143/imap
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] mail service ready.
11414 - IMAP Service Banner Retrieval
-
An IMAP server is running on the remote host.
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Published: 2003/03/18, Modified: 2011/03/16
tcp/993/imap
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] mail service ready.
42085 - IMAP Service STARTTLS Command Support
-
The remote mail service supports encrypting traffic.
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
Published: 2009/10/09, Modified: 2021/02/24
tcp/143/imap
Here is the IMAP server's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :
------------------------------ snip ------------------------------
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
------------------------------ snip ------------------------------
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/25/smtp
Port 25/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/110/pop3
Port 110/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/143/imap
Port 143/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/465/smtp
Port 465/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/993/imap
Port 993/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/995/pop3
Port 995/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8010/www
Port 8010/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 83.583 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 4:22 CDT
Scan duration : 3785 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 56
Method : MLSinFP
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
SinFP:
P1:B11113:F0x12:W14600:O0204ffff:M1460:
P2:B11113:F0x12:W14480:O0204ffff0402080affffffff4445414401030307:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190701_7_p=443R
SMTP:!:220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:25:15 -0500
SSLcert:!:i/CN:Go Daddy Secure Certificate Authority - G2i/O:GoDaddy.com, Inc.i/OU:http://certs.godaddy.com/repository/s/CN:fortimail.gossettmotors.com
acd10cefd4f2c95ef43689aaf1a8e66c2993cbb5
i/CN:Go Daddy Secure Certificate Authority - G2i/O:GoDaddy.com, Inc.i/OU:http://certs.godaddy.com/repository/s/CN:fortimail.gossettmotors.com
acd10cefd4f2c95ef43689aaf1a8e66c2993cbb5
The remote host is running FortiOS on Fortinet FortiGate
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/25/smtp
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/110/pop3
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/143/imap
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/443/www
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/465/smtp
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/993/imap
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/995/pop3
10185 - POP Server Detection
-
A POP server is listening on the remote port.
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
Disable this service if you do not use it.
Published: 1999/10/12, Modified: 2019/11/22
tcp/110/pop3
Remote POP server banner :
+OK mail service ready.
10185 - POP Server Detection
-
A POP server is listening on the remote port.
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link.
Disable this service if you do not use it.
Published: 1999/10/12, Modified: 2019/11/22
tcp/995/pop3
Remote POP server banner :
+OK mail service ready.
42087 - POP3 Service STLS Command Support
-
The remote mail service supports encrypting traffic.
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel.
Published: 2009/10/09, Modified: 2021/02/24
tcp/110/pop3
Here is the POP3 server's SSL certificate that Nessus was able to
collect after sending a 'STLS' command :
------------------------------ snip ------------------------------
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
------------------------------ snip ------------------------------
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 8010 (15 hops away)
- 443 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6
+ On the following port(s) :
- 465 (16 hops away)
- 995 (16 hops away)
- 993 (16 hops away)
- 53 (1 hops away)
The operating system was identified as :
Linux Kernel 2.6
Nutanix
+ On the following port(s) :
- 110 (15 hops away)
- 143 (15 hops away)
- 25 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
10263 - SMTP Server Detection
-
An SMTP server is listening on the remote port.
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Disable this service if you do not use it, or filter incoming traffic to this port.
Published: 1999/10/12, Modified: 2020/09/22
tcp/25/smtp
Remote SMTP server banner :
220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:25:15 -0500
10263 - SMTP Server Detection
-
An SMTP server is listening on the remote port.
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Disable this service if you do not use it, or filter incoming traffic to this port.
Published: 1999/10/12, Modified: 2020/09/22
tcp/465/smtp
Remote SMTP server banner :
220 mail.gossettmotors.com ESMTP Smtpd; Thu, 26 Oct 2023 04:27:18 -0500
42088 - SMTP Service STARTTLS Command Support
-
The remote mail service supports encrypting traffic.
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
Published: 2009/10/09, Modified: 2019/03/20
tcp/25/smtp
Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :
------------------------------ snip ------------------------------
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
------------------------------ snip ------------------------------
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/25/smtp
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/110/pop3
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/143/imap
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/465/smtp
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/993/imap
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/995/pop3
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/8010/www
This port supports TLSv1.3/TLSv1.2.
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/25/smtp
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/110/pop3
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/143/imap
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/443/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/465/smtp
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/993/imap
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/995/pop3
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=fortimail.gossettmotors.com
|-Not After : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/25/smtp
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/110/pop3
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/143/imap
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/443/www
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/465/smtp
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/993/imap
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/995/pop3
The SSL certificate will expire within 60 days, at
Dec 12 18:23:50 2023 GMT :
Subject : CN=fortimail.gossettmotors.com
Issuer : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Not valid before : Jan 5 21:00:26 2023 GMT
Not valid after : Dec 12 18:23:50 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/25/smtp
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/110/pop3
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/143/imap
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/465/smtp
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/993/imap
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/995/pop3
Subject Name:
Common Name: fortimail.gossettmotors.com
Issuer Name:
Country: US
State/Province: Arizona
Locality: Scottsdale
Organization: GoDaddy.com, Inc.
Organization Unit: http://certs.godaddy.com/repository/
Common Name: Go Daddy Secure Certificate Authority - G2
Serial Number: 4E 2D 9E CC 59 F8 6F 15
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jan 05 21:00:26 2023 GMT
Not Valid After: Dec 12 18:23:50 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 CC AC 90 B9 0E 9A 15 97 C7 07 7D C0 0E E8 7E ED 3B 05 61
5E 5A 2B 87 25 29 EC 9B D3 F1 56 00 DD 55 7F ED EC 8A 53 48
03 2C 21 96 DA 99 84 B6 9B 0E C3 DB ED BF B9 AD AD E8 AD 85
33 27 82 05 44 99 A1 D4 78 8C 3C C7 BA 3B C3 08 53 68 19 B8
22 0B DA 14 54 17 FC 3C AD D2 42 B0 6E BF AF CE FF ED EC 45
FC FD 8D 17 90 9D 59 86 53 6D 1F 8A C0 16 C2 DD FC E3 7F 03
7C 06 F2 7E F1 EB EA BC 71 FE EA 4F D1 0E B0 3A 51 F2 D4 65
2F 54 E6 34 B3 90 D7 DF DA 14 3B 9C 39 B1 A0 19 77 E7 73 C0
AA 92 2D CE 0B 2B 83 65 9C FA 48 53 80 C8 F5 DF EC C3 57 AB
62 59 9C 29 3A E7 6D 7F 5C 23 01 D5 06 86 66 D9 28 92 A9 3F
EB A0 95 ED 53 A4 92 75 67 B4 43 AE 7D 09 F4 28 8D 93 FB C1
99 20 B4 36 0F 4F FD DA F3 3A 25 29 26 23 32 3C F7 AE AA 41
A3 DB 97 09 07 57 53 44 6E 1F 81 67 EC 9E F4 42 2B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 85 BC 10 CE D9 14 28 87 CC DE B3 55 00 CF 73 1B 35 AE 3B
2A 7D 45 89 46 AA A1 DF 53 52 DB E0 BF 42 AE E3 4E 5C BB 82
E1 77 71 19 DB CD 81 74 57 D7 F3 D3 6B FB 3D 72 B1 9B A1 C4
AA BD 4B 10 EF 3C C3 CC C3 9F 35 5D 27 E9 D7 44 B9 78 4A 03
DD 77 EA DA E1 FD 1F 79 03 6E 9A C3 96 C5 5A 4D 3D 51 8D 48
C4 A7 94 C2 60 02 0A 4C 64 E2 09 95 5A 43 5D 23 D9 E5 62 F9
FC CD 84 A7 CE 88 36 A9 67 23 23 FA 15 75 67 81 C2 1D 41 D4
D8 EC F5 40 35 FA 00 F8 B1 3C CE 26 DA 4B 5D 47 43 28 8D 62
FE 0F AF 14 A3 C9 4A 23 99 D1 B1 A3 B1 F8 E6 0A 7C 88 50 F1
AA BC A7 47 CA DB 8A 3A 47 30 5B 0A 83 62 95 EF 63 8E 6C F2
31 6D 72 9C DF F2 06 D9 6A C4 E4 70 75 7E 95 6D 8B 1C 43 FC
EE C1 16 D4 39 F3 53 1A 1D 52 AA 5B 18 BD 4B 97 F2 A3 94 44
6D 88 A4 FB 36 19 92 47 A3 19 E7 13 61 19 16 29 E1
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://crl.godaddy.com/gdig2s1-5015.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.16.840.1.114413.1.7.23.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://certificates.godaddy.com/repository/
Policy ID #2: 2.23.140.1.2.1
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://ocsp.godaddy.com/
Method#2: Certificate Authority Issuers
URI: http://certificates.godaddy.com/repository/gdig2.crt
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 40 C2 BD 27 8E CC 34 83 30 A2 33 D7 FB 6C B3 F0 B4 2C 80 CE
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: fortimail.gossettmotors.com
DNS: www.fortimail.gossettmotors.com
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 9D D8 6E BC 08 6F FB 3A 36 BB 99 F3 E2 21 37 61 D6 B7 8E FD
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 76 00 E8 3E D0 DA 3E F5 06 35 32 E7 57
28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 69 E1 77 7D 6D 06 BD
6E 00 00 01 85 83 BC 32 68 00 00 04 03 00 47 30 45 02 21 00
9B A5 D0 32 0D 5E B7 31 F5 07 F7 CD 19 5D 80 06 4A 66 13 77
5A 33 1E 31 6A 04 3F E0 FA F1 38 0C 02 20 41 61 AD 82 E8 9B
3D 1B 69 3C 74 16 6C D5 F2 AC 1E D2 D5 9F EF 7A EB 6E 3E 0B
2D C1 E7 94 04 AD 00 76 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38
E0 52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB
52 00 00 01 85 83 BC 33 50 00 00 04 03 00 47 30 45 02 20 77
83 D0 E8 65 15 53 C7 42 82 E9 AD C2 4A E2 FB 6A BB 88 5D BF
94 1E F0 D9 A4 89 4E A2 3B E4 33 02 21 00 CA 13 8D 53 4D EB
88 EC 1C 7A 4A F9 F7 89 FC A2 9B C2 ED 5B DE 9C FF 0E AD C2
72 22 60 1E 65 C2 00 75 00 B3 73 77 07 E1 84 50 F8 63 86 D6
05 A9 DC 11 09 4A 79 2D B1 67 0C 0B 87 DC F0 03 0E 79 36 A5
9A 00 00 01 85 83 BC 34 43 00 00 04 03 00 46 30 44 02 20 70
67 B3 81 5A 47 90 CC 05 73 31 CD 3A AF 8B EE D4 CE CB 9B 87
EE CF DB D5 E1 E2 EF F1 7D BA 23 02 20 3A 5C 24 F6 42 D1 56
00 F3 71 EE D4 62 4B 8B DD B5 18 29 AC 36 51 0A 87 B3 34 86
51 4D 45 86 4F
Fingerprints :
SHA-256 Fingerprint: 65 F6 72 7A 64 9B 45 1A D8 66 0A 62 AA 72 BA 67 CE 33 81 3D
E3 91 9B 49 BB 4A 3D 04 7A 04 DB F0
SHA-1 Fingerprint: AC D1 0C EF D4 F2 C9 5E F4 36 89 AA F1 A8 E6 6C 29 93 CB B5
MD5 Fingerprint: 7A 89 F0 F4 D6 FF FD DE AA 27 1D 80 E3 16 EB 76
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIITi2ezFn4bxUwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjMwMTA1MjEwMDI2WhcNMjMxMjEyMTgyMzUwWjAmMSQwIgYDVQQDExtmb3J0aW1haWwuZ29zc2V0dG1vdG9ycy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrJC5DpoVl8cHfcAO6H7tOwVhXlorhyUp7JvT8VYA3VV/7eyKU0gDLCGW2pmEtpsOw9vtv7mtreithTMnggVEmaHUeIw8x7o7wwhTaBm4IgvaFFQX/Dyt0kKwbr+vzv/t7EX8/Y0XkJ1ZhlNtH4rAFsLd/ON/A3wG8n7x6+q8cf7qT9EOsDpR8tRlL1TmNLOQ19/aFDucObGgGXfnc8Cqki3OCyuDZZz6SFOAyPXf7MNXq2JZnCk6521/XCMB1QaGZtkokqk/66CV7VOkknVntEOufQn0KI2T+8GZILQ2D0/92vM6JSkmIzI8966qQaPblwkHV1NEbh+BZ+ye9EIrAgMBAAGjggNcMIIDWDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTUwMTUuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wRwYDVR0RBEAwPoIbZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tgh93d3cuZm9ydGltYWlsLmdvc3NldHRtb3RvcnMuY29tMB0GA1UdDgQWBBSd2G68CG/7Oja7mfPiITdh1reO/TCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFg7wyaAAABAMARzBFAiEAm6XQMg1etzH1B/fNGV2ABkpmE3daMx4xagQ/4PrxOAwCIEFhrYLomz0baTx0FmzV8qwe0tWf73rrbj4LLcHnlAStAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGFg7wzUAAABAMARzBFAiB3g9DoZRVTx0KC6a3CSuL7aruIXb+UHvDZpIlOojvkMwIhAMoTjVNN64jsHHpK+feJ/KKbwu1b3pz/Dq3CciJgHmXCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGFg7w0QwAABAMARjBEAiBwZ7OBWkeQzAVzMc06r4vu1M7Lm4fuz9vV4eLv8X26IwIgOlwk9kLRVgDzce7UYkuL3bUYKaw2UQqHszSGUU1Fhk8wDQYJKoZIhvcNAQELBQADggEBAIW8EM7ZFCiHzN6zVQDPcxs1rjsqfUWJRqqh31NS2+C/Qq7jTly7guF3cRnbzYF0V9fz02v7PXKxm6HEqr1LEO88w8zDnzVdJ+nXRLl4SgPdd+ra4f0feQNumsOWxVpNPVGNSMSnlMJgAgpMZOIJlVpDXSPZ5WL5/M2Ep86INqlnIyP6FXVngcIdQdTY7PVANfoA+LE8zibaS11HQyiNYv4PrxSjyUojmdGxo7H45gp8iFDxqrynR8rbijpHMFsKg2KV72OObPIxbXKc3/IG2WrE5HB1fpVtixxD/O7BFtQ581MaHVKqWxi9S5fyo5REbYik+zYZkkejGecTYRkWKeE=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/8010/www
Subject Name:
Common Name: net-216-37-68-107.in-addr.worldspice.net
Issuer Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com
Serial Number: 0C 51 A2 26 48 87 D3 C0 F5 1F
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 08 46 65 2D AD 0F B9 35 69 1E AC A4 6F E0 3E 1D 54 A5 B9
A0 7A C4 58 7F CF 02 0F 18 35 6A 7B 08 32 15 58 D0 E2 2B B5
CC 53 00 2A D4 2A 4A 5F 1E 11 4C AC FC B7 D5 07 DD E5 2B 9A
5C EE 75 93 21 6B 39 31 01 CD 29 A6 52 97 75 B4 FA 71 FE D7
C2 09 AF 4F C7 CC D7 4A 3C 78 DF 48 32 D0 F2 9A B6 C9 0F 18
97 C2 58 32 40 A5 E7 5C 35 01 3A AD 07 1F 80 F8 36 30 81 3C
07 41 E2 62 B2 BA 24 BF DE 39 2C C0 06 D1 0E 10 74 FD 29 0A
97 93 0C 58 05 C1 C5 F9 4E 27 13 4A 00 75 A3 86 A3 C3 41 8C
F6 5F 83 0C 8B A2 B9 DD DD 92 6A 1C 71 41 20 F9 72 4C 70 6D
6C A1 84 FA F4 20 A7 FD A7 CF 31 AF F3 50 42 E3 69 EF AB 3C
55 81 19 82 40 D7 CB DD 2C 62 07 DA 8C 95 56 A0 A6 48 1C 10
0C 09 EE 01 C7 86 01 B9 CF 04 36 A9 4D 8B AC D0 C6 96 F7 EF
AC C9 4E AB DA 5B 06 6A FE AF B6 D7 CA E3 9F 4C EA
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-107.in-addr.worldspice.net
Fingerprints :
SHA-256 Fingerprint: 2B 75 E9 22 65 73 F6 5F AC 51 03 2B 87 C1 B7 78 49 50 69 65
C6 D5 83 49 D0 C6 ED 96 3F B6 04 E0
SHA-1 Fingerprint: 03 60 C0 E3 81 52 19 37 35 F0 DD 5F AD 0E FF B4 25 01 6E E3
MD5 Fingerprint: 37 15 08 8B CF 7F 53 09 9D 5F C5 B6 5D BC 71 37
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKDFGiJkiH08D1HzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEwNy5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTA3LmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAAhGZS2tD7k1aR6spG/gPh1UpbmgesRYf88CDxg1ansIMhVY0OIrtcxTACrUKkpfHhFMrPy31Qfd5SuaXO51kyFrOTEBzSmmUpd1tPpx/tfCCa9Px8zXSjx430gy0PKatskPGJfCWDJApedcNQE6rQcfgPg2MIE8B0HiYrK6JL/eOSzABtEOEHT9KQqXkwxYBcHF+U4nE0oAdaOGo8NBjPZfgwyLornd3ZJqHHFBIPlyTHBtbKGE+vQgp/2nzzGv81BC42nvqzxVgRmCQNfL3SxiB9qMlVagpkgcEAwJ7gHHhgG5zwQ2qU2LrNDGlvfvrMlOq9pbBmr+r7bXyuOfTOo=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/25/smtp
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/110/pop3
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/143/imap
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/443/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/465/smtp
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/993/imap
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/995/pop3
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Jun 29 17:06:20 2004 GMT
Valid To : Jun 29 17:06:20 2034 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/110/pop3
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/143/imap
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/465/smtp
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/993/imap
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/995/pop3
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/8010/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/110/pop3
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/143/imap
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/465/smtp
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/993/imap
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/995/pop3
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/8010/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/110/pop3
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/143/imap
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/465/smtp
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/993/imap
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/995/pop3
Here is the list of SSL PFS ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/8010/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/25/smtp
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/110/pop3
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/143/imap
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/465/smtp
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/993/imap
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/995/pop3
The following root Certification Authority certificate was found :
|-Subject : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Issuer : C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|-Valid From : Jun 29 17:06:20 2004 GMT
|-Valid To : Jun 29 17:06:20 2034 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/8010/www
The following root Certification Authority certificate was found :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
35297 - SSL Service Requests Client Certificate
-
The remote service requests an SSL client certificate.
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Published: 2009/01/06, Modified: 2022/04/11
tcp/25/smtp
A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.
35297 - SSL Service Requests Client Certificate
-
The remote service requests an SSL client certificate.
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Published: 2009/01/06, Modified: 2022/04/11
tcp/465/smtp
A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/110/pop3
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/143/imap
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/465/smtp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/993/imap
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/995/pop3
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-RC4-SHA 0xC0, 0x11 ECDH RSA RC4(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
IDEA-CBC-SHA 0x00, 0x07 RSA RSA IDEA-CBC(128) SHA1
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/8010/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/25/smtp
An SMTP server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/110/pop3
A POP3 server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/143/imap
An IMAP server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/465/smtp
A TLSv1.1 server answered on this port.
tcp/465/smtp
An SMTP server is running on this port through TLSv1.1.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/993/imap
A TLSv1 server answered on this port.
tcp/993/imap
An IMAP server is running on this port through TLSv1.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/995/pop3
A POP3 server is running on this port through TLSv1.1.
tcp/995/pop3
A TLSv1.1 server answered on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8010/www
A TLSv1.2 server answered on this port.
tcp/8010/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=31536000; includeSubDomains
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
84821 - TLS ALPN Supported Protocol Enumeration
-
The remote host supports the TLS ALPN extension.
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
Published: 2015/07/17, Modified: 2023/07/10
tcp/443/www
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/110/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/143/imap
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/465/smtp
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/993/imap
TLSv1.1 is enabled and the server supports at least one cipher.
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/995/pop3
TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/110/pop3
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/143/imap
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/465/smtp
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/993/imap
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/995/pop3
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/8010/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.107 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.107
Hop Count: 16
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : SearchResultFile
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logStartline
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : totalLineNumber
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logType
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logLevel
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : APSCOOKIE_4309f775a1293712802e25834cc847fe
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logDomain
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : ParamStr
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : mTime
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/8010/www
The following cookies are expired :
Name : SearchResultFile
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logStartline
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : totalLineNumber
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logType
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logLevel
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : APSCOOKIE_4309f775a1293712802e25834cc847fe
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : logDomain
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : ParamStr
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
Name : mTime
Path : /
Value :
Domain :
Version : 1
Expires : Fri, 01-Jan-1971 01:00:00 GMT
Comment :
Secure : 0
Httponly : 0
Port :
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/8010/www
The following string will be used :
TYPE=password
|
|
|
|
|
0 |
1 |
4 |
0 |
63 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 04:26:03 2023 |
| End time: |
Thu Oct 26 05:19:22 2023 |
|
|
| DNS Name: |
net-216-37-68-108.in-addr.worldspice.net |
| IP: |
216.37.68.108 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2001/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2002/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2003/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2001/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2002/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2003/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.108 resolves as net-216-37-68-108.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2001/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:49:59 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2002/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:49:59 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2003/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 09:50:00 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/556
Port 556/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/557
Port 557/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2001/www
Port 2001/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2002/www
Port 2002/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2003/www
Port 2003/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.685 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 4:26 CDT
Scan duration : 3185 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2001/www
This port supports TLSv1.3/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2002/www
This port supports TLSv1.3/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2003/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2001/www
The host name known by Nessus is :
net-216-37-68-108.in-addr.worldspice.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2002/www
The host name known by Nessus is :
net-216-37-68-108.in-addr.worldspice.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2003/www
The host name known by Nessus is :
net-216-37-68-108.in-addr.worldspice.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2001/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2002/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2003/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2001/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2002/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2003/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2001/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2002/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2003/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2001/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2002/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2003/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2001/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2002/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2003/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2001/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2002/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2003/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2001/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2002/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2003/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2001/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2002/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2003/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2001/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2002/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2003/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2001/www
A TLSv1.2 server answered on this port.
tcp/2001/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2002/www
A TLSv1.2 server answered on this port.
tcp/2002/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2003/www
A TLSv1.2 server answered on this port.
tcp/2003/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2001/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2002/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2003/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.108 :
192.168.100.162
192.168.100.1
216.37.68.108
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 05:19:22 2023 |
| End time: |
Thu Oct 26 05:56:54 2023 |
|
|
| DNS Name: |
net-216-37-68-109.in-addr.worldspice.net |
| IP: |
216.37.68.109 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.109 resolves as net-216-37-68-109.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.300 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:19 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.109 :
192.168.100.162
192.168.100.1
216.37.68.109
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 05:25:46 2023 |
| End time: |
Thu Oct 26 06:03:10 2023 |
|
|
| DNS Name: |
net-216-37-68-110.in-addr.worldspice.net |
| IP: |
216.37.68.110 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.110 resolves as net-216-37-68-110.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.972 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:25 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.110 :
192.168.100.162
192.168.100.1
216.37.68.110
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 05:56:54 2023 |
| End time: |
Thu Oct 26 06:34:18 2023 |
|
|
| DNS Name: |
net-216-37-68-111.in-addr.worldspice.net |
| IP: |
216.37.68.111 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.111 resolves as net-216-37-68-111.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.564 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 5:57 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.111 :
192.168.100.162
192.168.100.1
216.37.68.111
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 06:03:10 2023 |
| End time: |
Thu Oct 26 06:40:43 2023 |
|
|
| DNS Name: |
net-216-37-68-112.in-addr.worldspice.net |
| IP: |
216.37.68.112 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.112 resolves as net-216-37-68-112.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.120 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:03 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.112 :
192.168.100.162
192.168.100.1
216.37.68.112
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 06:34:18 2023 |
| End time: |
Thu Oct 26 07:11:42 2023 |
|
|
| DNS Name: |
net-216-37-68-113.in-addr.worldspice.net |
| IP: |
216.37.68.113 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.113 resolves as net-216-37-68-113.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.103 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:34 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.113 :
192.168.100.162
192.168.100.1
216.37.68.113
Hop Count: 2
|
|
|
|
|
0 |
2 |
6 |
0 |
58 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 06:40:43 2023 |
| End time: |
Thu Oct 26 07:33:23 2023 |
|
|
| DNS Name: |
net-216-37-68-114.in-addr.worldspice.net |
| IP: |
216.37.68.114 |
| OS: |
Linux Kernel 3.0 |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
The remote service supports the use of medium strength SSL ciphers.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2009/11/23, Modified: 2021/02/03
tcp/443/www
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
88098 - Apache Server ETag Header Information Disclosure
-
The remote web server is affected by an information disclosure vulnerability.
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer to the linked Apache documentation for more information.
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
Published: 2016/01/22, Modified: 2020/04/27
tcp/2555/www
Nessus was able to determine that the Apache Server listening on
port 2555 leaks the servers inode numbers in the ETag HTTP
Header field :
Source : ETag: "2b7ec-d39-5d5e1b6df5200"
Inode number : 178156
File size : 3385 bytes
File modification time : Jan. 18, 2022 at 21:11:36 GMT
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2555/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3
104743 - TLS Version 1.0 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2017/11/22, Modified: 2023/04/19
tcp/443/www
TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 2022/04/04, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/80/www
URL : http://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/443/www
URL : https://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/2555/www
URL : https://net-216-37-68-114.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:linux:linux_kernel -> Linux Kernel
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : unknown
Confidence level : 56
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/443/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2555/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Apache
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
Apache
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/2555/www
The remote web server type is :
Apache
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.114 resolves as net-216-37-68-114.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Location: https://net-216-37-68-114.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-114.in-addr.worldspice.net/">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Location: https://net-216-37-68-114.in-addr.worldspice.net/smgdownload
Content-Length: 268
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-114.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2555/www
Response Code : HTTP/1.1 403 Forbidden
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 12:06:08 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 21:11:36 GMT
ETag: "2b7ec-d39-5d5e1b6df5200"
Accept-Ranges: bytes
Content-Length: 3385
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=32
Connection: Keep-Alive
Content-Type: text/html
Response Body :
<html>
<head>
<title>Error 403</title>
<style>
body {
background-color: #73767c;
font-family: Times, serif;
font-size: 18px;
}
.container {
width: 640px;
margin: auto;
padding: 0 10px 20px;
background: #fff;
text-align: center;
overflow: hidden;
border-radius: 5px;
box-shadow: 0px 10px 15px #59595b;
}
div.reylogo {
width: 200px;
height: 200px;
margin: 0px auto;
background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAABGdBTUEAAOD8YVAtlgAAAu1pQ0NQSUNDIFByb2ZpbGUAADjLY2BgnuDo4uTKJMDAUFBUUuQe5BgZERmlwH6egY2BmQEMEpOLCxwDAnxA7Lz8vFQGVMDIwPDtGohkYLisCzKLgTTAmgy0GEgfAGKjlNTiZCD9BYjTy0sKgOKMMUC2SFI2mF0AYmeHBDkD2S0MDEw8JakVIL0MzvkFlUWZ6RklCoaWlpYKjin5SakKwZXFJam5xQqeecn5RQX5RYklqSlAtVA7QIDXJb9EwT0xM0/ByECVgcoAFI4QFiJ8EGIIkFxaVAYPSgYGAQYFBgMGB4YAhkSGeoYFDEcZ3jCKM7owljKuYLzHJMYUxDSB6QKzMHMk80LmNyyWLB0st1j1WFtZ77FZsk1j+8Yezr6bQ4mji+MLZyLnBS5Hri3cmtwLeKR4pvIK8U7iE+abxi/Dv1hAR2CHoKvgFaFUoR/CvSIqIntFw0W/iE0SNxK/IlEhKSd5TCpfWlr6hEyZrLrsLbk+eRf5PwpbFQuV9JTeKq9VKVA1Uf2pdlC9SyNUU0nzg9YB7Uk6qbpWeoJ6r/SPGCwwrDWKMbY1kTdlNn1pdsF8p8USywlWdda5NnG2gXau9tYOxo46TmrOSi4KrvJuCu7KHuqeul4m3jY+7r7Bfgn++QH1gRODlgbvCrkY+jKcKUIu0ioqIroiZmbsnrgHCWyJuklhyQ0pa1JvpnNkWGRmZs3NvpjLnmefX1GwqfBdsXZJVumqsjcV+pUlVbtqGGu96qbWP2zUa6ppPtsq11bYfrRTuquo+3Sval9j/92JNpNmT/47NX7a4RkaM/tnfZ+TMPf0fPMFSxeJLG5d8m1Z5vJ7K0NWnV7jsnbfessN2zaZbN6y1WTb9h1WO/fvdt1zdl/Y/gcHcw79PNJ+TPz4ipPWp86dST776/yki9qXjl5JvPrv+pybNrfu3qm/p3z/xMO8x2JP9j/LfCHy8uDr/Lfy7y58aPpk+vnV1wXfw38K/Dr1p/Wf4///AA0ADzTvzc3MAAAABlBMVEUATnsAAAD+mnh6AAAAAnRSTlP/AOW3MEoAAAAJcEhZcwAALiIAAC4iAari3ZIAAALeSURBVHhe7dXRcuIwEETR8P8/vZK53mygKIi3NWqp+rwEjDOeW0GVr9smEuImIW4S4iYhbhLiJiFuEuImIW4S4iYhbhLiJiGvfIkx9q1+I79i6r7nW+0+fsEVi77z8Z/uQzxdiMHvqEOmnpEtJMRNQn6HkyvAwCc1ISwhwchH7To3rILFH/Xr3LGI+95PXl0XYwkBBj4pChkvIW4Scg0nVoGJp9oQdtBgJtpbri+HAuwUUokdJBiJ4pBxEuImIddxViUY2dSHsIIIQ48QLq2JjL1CirGBCENnhAySEDcJ+Q+cUw1mzghhA5VzqnxwtQ1DqrGAyjmVn6VYQYGJk0JGSIibCSF8uzWYOSOEDVSY2kO4sqoNQ4rxfBWm5rDbSYib8hC+2xKMPBSHsIEKU7v2motLoqLZKaQSz1dhalccoi1h5qE6ZJiEuEnIb3E+RRj6j3aJz9bC+t92CinB82UY+60qpOKM7CEhbhLyHudShamvtM+50R0Lv7JTyCA8X4axr4wLGf4v8KeBIbUS4iYhn+O0ijD0Sf+AWxZx3/tJu84Nq2DxRy//VDI8X4axj8aHFJ6RLSTETUIu4LiKMPRUF8LzZRh7au/5YDkUoL/lg8Xc9//r8f1IbCDC0FNlyFAJcZOQazioIgw91IawgApTD+0NV1dERNdfc3VB94bDjz/PcDxfhamH2pCBEuImIRdxTEUY2hWHsIAMY5v2kmtLoqLZKaQSz1dhalccMk5C3CTkKo6pBjO76hA2UGFq015ybUlUNDuFlGIBFaY21SHDJMRNQi7jmGowsykPYQMVph4hXFoTGXuF1GIBFaZOCJGWMLKrDxkkIW5mhPAF12DmjBA2UDmnygeX2y+kGs9XOafysxIbaDBzSsgQCXEzL4TvuMIx7hhajxVUjhBeL22vkClYQGVeiLakz7uPXV9C3CTETULcJMRNQtwkxE1C3CTETULcJMRNQtwkxMvt9gdiX3KCo5HNSAAAAABJRU5ErkJggg==);
}
div.errcode {
font-size: 4em;
font-weight: 900;
}
div.errdesc {
margin-bottom: 0.5em;
font-size: 2em;
font-weight: 700;
}
div.details {
font-size: 18px;
}
</style>
</head>
<body >
<div class="container">
<div class="reylogo"></div>
<div class="errcode">403</div>
<div class="errdesc">Forbidden</div>
<div class="details">
You do not have permission to access this resource.<br/>
Contact <a href="https://www.reyrey.com/support/">Reynolds and Reynolds Support</a> for assistance.
</div>
</div>
</body>
</html>
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1067
Port 1067/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2555/www
Port 2555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/5713
Port 5713/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/16384
Port 16384/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 71.332 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 6:40 CDT
Scan duration : 3151 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Linux Kernel 3.0
Confidence level : 56
Method : MLSinFP
The remote host is running Linux Kernel 3.0
50845 - OpenSSL Detection
-
The remote service appears to use OpenSSL to encrypt traffic.
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
Published: 2010/11/30, Modified: 2020/06/12
tcp/443/www
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2555/www
This port supports TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
net-216-37-68-114.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2555/www
The host name known by Nessus is :
net-216-37-68-114.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/443/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2555/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/443/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2555/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2555/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/443/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2555/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2555/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2555/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2555/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2555/www
A TLSv1.2 server answered on this port.
tcp/2555/www
A web server is running on this port through TLSv1.2.
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/80/www
URL : http://net-216-37-68-114.in-addr.worldspice.net/
Version : unknown
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
121010 - TLS Version 1.1 Protocol Detection
-
The remote service encrypts traffic using an older version of TLS.
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Published: 2019/01/08, Modified: 2023/04/19
tcp/443/www
TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2555/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.114 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.114
Hop Count: 16
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://net-216-37-68-114.in-addr.worldspice.net/UKtDyAyWf9bh.html
|
|
|
|
|
0 |
1 |
4 |
0 |
54 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 07:11:42 2023 |
| End time: |
Thu Oct 26 10:00:25 2023 |
|
|
| DNS Name: |
net-216-37-68-115.in-addr.worldspice.net |
| IP: |
216.37.68.115 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
The remote web server is not enforcing HSTS, as defined by RFC 6797.
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 2020/11/17, Modified: 2023/06/08
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/8010/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/8010/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
46180 - Additional DNS Hostnames
-
Nessus has detected potential virtual hosts.
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Published: 2010/04/29, Modified: 2022/08/15
tcp/0
The following hostnames point to the remote host :
- ibc.gossettmotors.com
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
Following application CPE matched on the remote system :
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : unknown
Confidence level : 56
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
UCC HTTP Server
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
UCC HTTP Server
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.115 resolves as net-216-37-68-115.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
content-length: 152
server: UCC HTTP Server
location: https://net-216-37-68-115.in-addr.worldspice.net/default.htm
connection: close
content-type: text/html
date: Thu, 26 Oct 2023 12:59:46 GMT
Response Body :
<HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY><H1>404 Not Found</H1>
The requested resource [/default.htm] was not found on this server.<BR>
</BODY>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 404 Not Found
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
content-length: 152
strict-transport-security: max-age=31556952
server: UCC HTTP Server
connection: close
content-type: text/html
date: Thu, 26 Oct 2023 12:59:44 GMT
Response Body :
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8010/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-115.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/21
Port 21/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/25
Port 25/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/110
Port 110/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/119
Port 119/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/143
Port 143/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1067
Port 1067/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1202
Port 1202/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/5713
Port 5713/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8010/www
Port 8010/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 66.044 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 7:12 CDT
Scan duration : 10101 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 56
Method : MLSinFP
The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 8010 (15 hops away)
- 80 (15 hops away)
- 21 (15 hops away)
- 443 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
+ On the following port(s) :
- 110 (15 hops away)
- 119 (15 hops away)
- 143 (15 hops away)
- 25 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/8010/www
This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: ibc.gossettmotors.com
Issuer Name:
Country: US
Organization: DigiCert Inc
Organization Unit: www.digicert.com
Common Name: GeoTrust TLS RSA CA G1
Serial Number: 03 AF A1 53 01 65 67 7B 70 AD 4E 5C 25 9D A9 09
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Apr 26 00:00:00 2023 GMT
Not Valid After: May 26 23:59:59 2024 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 F0 15 73 F0 4A 5F 3A 17 AC D1 0C A1 84 B1 AC D7 27 28 35
D3 FE 36 EC 1D BB 9C 13 6B 05 5D E0 CA 7D 59 B7 CE 91 52 1F
80 64 5A 7F AC F0 9D 57 CF DF 6D 8B 89 B6 28 3E AD 58 59 8C
CC 69 B3 56 44 4C 59 53 2D 7C 6C 72 A7 CD AE FB 18 9C AC 93
7F 4A 2E A2 BB F6 6A 9B E1 B4 F9 53 04 E4 E9 FF 77 49 5C 4C
46 83 39 47 DD E8 C4 B8 B2 BE 25 56 15 1C 45 67 88 48 C2 BD
0F 5A 28 1B CB 28 25 6C 4F 82 E7 EF F5 FD 64 6E 3F 8E A4 31
DC C4 D9 AA 2A EA 11 01 46 A5 3F EC A8 A1 6E C5 9B 6C D8 11
56 A3 3B D6 11 45 D1 AB C1 32 46 CA E7 2C 70 5B 2E 37 EA 24
1A 98 19 44 58 83 A7 81 B3 7F 61 7F E5 AF C8 FF F5 2C F2 E7
36 11 5A 70 CC B8 89 82 C2 86 5B FF AF E8 10 23 68 84 DE 2E
4F 80 47 03 0C FA F4 4D 33 CD 5C 24 BB 1A F4 8F 43 C3 B7 4D
E1 47 1A 8A 62 D9 E0 DC CE AC 45 36 51 6A B2 78 45
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 70 C4 1E 47 86 34 FA D3 9D 6E B1 82 E2 AE A0 EF 9B 90 00
12 E3 48 73 12 85 BD 14 B4 1F B4 3D 1A 5A 7D D6 48 33 6B 8D
6E 7E B8 38 82 C4 53 28 9F 9C FD 05 46 55 E5 65 E6 70 98 C1
9D 7B CA 21 E0 8C D7 20 BF 3B 62 F7 0C D3 25 71 65 A4 44 C3
0F 09 A1 15 2B 52 38 38 58 22 56 2F B8 92 3F 8E 78 68 C8 0D
DB D6 A2 38 37 E3 BA 00 F4 74 06 65 61 BE 8D 07 99 8B 96 D7
7A 69 F7 1E 55 BF 9A 19 86 0C 15 81 56 79 C9 8D 3A 68 6A C5
2B B1 8F F9 52 1C 6B 1D 1A 72 77 02 3B 0F D3 FB 7F C9 FF 2A
E9 FB D5 D4 DC 34 10 EB CB 71 F6 72 71 04 C5 F4 B3 69 E4 73
2F 96 C2 6A 90 84 64 AC 01 A6 3A B3 B0 66 3C 02 CD A6 39 CE
FE B5 07 2A 9C CC 34 98 90 E8 96 E6 B7 A9 B6 FA E4 04 00 18
11 15 0A E2 D6 0E 21 DD 16 1E F0 0F F0 07 74 42 52 C0 5E 7F
57 2A 6F DA 34 85 C4 55 B1 8F 7E 3D 4F 7A DF CA 85
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF A3 BE 02 57
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 0D 41 19 CF FE 7C 7E 3B AD 09 17 06 B8 8E 33 B8 DA A5 FB 7A
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: ibc.gossettmotors.com
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1)
CPS URI: http://www.digicert.com/CPS
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://status.geotrust.com
Method#2: Certificate Authority Issuers
URI: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 6C 01 6A 00 76 00 EE CD D0 64 D5 DB 1A CE C5 5C B7
9D B4 CD 13 A2 32 87 46 7C BC EC DE C3 51 48 59 46 71 1F B5
9B 00 00 01 87 BF B6 E4 9C 00 00 04 03 00 47 30 45 02 20 08
DF 8E 51 BA 2B FA BB CA 1E 08 7A 38 D0 16 A3 37 CE 56 C5 08
EA 1C 43 0F 48 BC AA F0 29 74 7C 02 21 00 DD 2B F7 BC DF D7
03 1D BE 6D 01 85 9D 85 7C 7A FC 07 5A 81 97 F5 CE 6A 17 9B
B8 77 47 21 5C EA 00 77 00 73 D9 9E 89 1B 4C 96 78 A0 20 7D
47 9D E6 B2 C6 1C D0 51 5E 71 19 2A 8C 6B 80 10 7A C1 77 72
B5 00 00 01 87 BF B6 E4 E7 00 00 04 03 00 48 30 46 02 21 00
DA BB 6C 23 D2 31 FB D3 C1 5A 39 DF 4C 42 9C 8E CD B8 DC 57
01 EF 27 B9 6A BC 66 91 0D 76 D7 8A 02 21 00 B8 F1 BD DC EE
9D 3C A4 4B B3 EA 46 3C 96 67 28 3A FB 59 18 C9 CA 33 74 E1
53 17 4A CD 2E CA 83 00 77 00 48 B0 E3 6B DA A6 47 34 0F E5
6A 02 FA 9D 30 EB 1C 52 01 CB 56 DD 2C 81 D9 BB BF AB 39 D8
84 73 00 00 01 87 BF B6 E4 B5 00 00 04 03 00 48 30 46 02 21
00 93 C6 AA 87 64 34 F7 7B CF 42 D8 AF 5B 7D 13 3A 7A 35 7A
09 B5 28 6D 53 F4 CE 4B 01 ED 80 4C C7 02 21 00 8E 89 79 DA
E9 0E 7B CA 9F 70 15 79 D0 52 F9 5F D3 AE 9B 58 F7 53 53 68
A7 AC F6 5D 12 C4 4E 76
Fingerprints :
SHA-256 Fingerprint: ED 4C FE 54 2B 2A 6A 53 42 A6 02 3B 31 3C AC 4C 00 A4 46 67
DC 93 C4 40 43 4C 1E 78 B6 12 DB 2A
SHA-1 Fingerprint: 20 A9 44 FD 15 20 D5 A0 2B 68 1A CC 5C 4E E0 7A CA 71 B1 CE
MD5 Fingerprint: 4B DE 61 0B 7A E3 AD 0C 2D 48 78 10 09 89 CC 16
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgIQA6+hUwFlZ3twrU5cJZ2pCTANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcxMB4XDTIzMDQyNjAwMDAwMFoXDTI0MDUyNjIzNTk1OVowIDEeMBwGA1UEAxMVaWJjLmdvc3NldHRtb3RvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8BVz8EpfOhes0QyhhLGs1ycoNdP+Nuwdu5wTawVd4Mp9WbfOkVIfgGRaf6zwnVfP322LibYoPq1YWYzMabNWRExZUy18bHKnza77GJysk39KLqK79mqb4bT5UwTk6f93SVxMRoM5R93oxLiyviVWFRxFZ4hIwr0PWigbyyglbE+C5+/1/WRuP46kMdzE2aoq6hEBRqU/7KihbsWbbNgRVqM71hFF0avBMkbK5yxwWy436iQamBlEWIOngbN/YX/lr8j/9Szy5zYRWnDMuImCwoZb/6/oECNohN4uT4BHAwz69E0zzVwkuxr0j0PDt03hRxqKYtng3M6sRTZRarJ4RQIDAQABo4IDHTCCAxkwHwYDVR0jBBgwFoAUlE/UXYvkpOKmgP792PkA76O+AlcwHQYDVR0OBBYEFA1BGc/+fH47rQkXBriOM7japft6MCAGA1UdEQQZMBeCFWliYy5nb3NzZXR0bW90b3JzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU1JTQUNBRzEuY3J0MAkGA1UdEwQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABh7+25JwAAAQDAEcwRQIgCN+OUbor+rvKHgh6ONAWozfOVsUI6hxDD0i8qvApdHwCIQDdK/e839cDHb5tAYWdhXx6/AdagZf1zmoXm7h3RyFc6gB3AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABh7+25OcAAAQDAEgwRgIhANq7bCPSMfvTwVo530xCnI7NuNxXAe8nuWq8ZpENdteKAiEAuPG93O6dPKRLs+pGPJZnKDr7WRjJyjN04VMXSs0uyoMAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYe/tuS1AAAEAwBIMEYCIQCTxqqHZDT3e89C2K9bfRM6ejV6CbUobVP0zksB7YBMxwIhAI6JedrpDnvKn3AVedBS+V/TrptY91NTaKes9l0SxE52MA0GCSqGSIb3DQEBCwUAA4IBAQBwxB5HhjT6051usYLirqDvm5AAEuNIcxKFvRS0H7Q9Glp91kgza41ufrg4gsRTKJ+c/QVGVeVl5nCYwZ17yiHgjNcgvzti9wzTJXFlpETDDwmhFStSODhYIlYvuJI/jnhoyA3b1qI4N+O6APR0BmVhvo0HmYuW13pp9x5Vv5oZhgwVgVZ5yY06aGrFK7GP+VIcax0acncCOw/T+3/J/yrp+9XU3DQQ68tx9nJxBMX0s2nkcy+WwmqQhGSsAaY6s7BmPALNpjnO/rUHKpzMNJiQ6Jbmt6m2+uQEABgRFQri1g4h3RYe8A/wB3RCUsBef1cqb9o0hcRVsY9+PU9638qF
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/8010/www
Subject Name:
Common Name: net-216-37-68-115.in-addr.worldspice.net
Issuer Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com
Serial Number: 1C B3 1C 26 C5 3D 2E 4F E5 3A
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 02 70 71 CA D3 BA 01 AE DC 4D 61 6C 26 5C 71 3B 53 70 D2
C4 30 09 42 26 57 FF C9 6C 05 71 41 03 5B DC 3C 54 A4 3E 70
53 20 D0 C0 CC BA F3 CD 2B D9 5B 6E FE 2A 3E DC 87 E7 AB 13
F0 F2 D5 85 72 5D 7E 21 9F 19 84 27 ED 6C CC 61 AC F3 74 99
3F 44 5F 1F 8A F3 CE 9D 1F 8F C6 6B B6 3B 02 79 CA 2B 1B FB
0D 8E CC 4A D3 54 2C F7 80 81 E3 58 C2 91 8A C3 BB DF 08 09
79 1B 4A 1A 57 15 5A 69 50 B3 F8 E7 74 E7 22 E1 16 13 E8 9C
85 BE 74 96 D1 E4 42 F4 42 11 93 90 3A 9D AD E8 40 6F 2B 3C
9B E9 F3 58 D4 46 44 DF 0A 8A 42 EB BF BD FE C9 76 EB EC 6D
9A 70 B1 A0 99 C9 C7 10 E8 72 76 D7 D2 DA 99 4E 19 14 A4 63
ED 61 C9 DD BC 83 A6 BE 2E 28 E7 CC CF 8C 08 C6 30 5D 21 C0
6A 98 AE D1 3C CF BC DF 67 B9 3F 7E DB CD 30 B9 32 F5 D0 19
60 D6 D0 4A F3 E3 25 93 C5 3C 60 23 A8 D0 3C F8 4E
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-115.in-addr.worldspice.net
Fingerprints :
SHA-256 Fingerprint: ED 0E 79 E3 6F 61 68 05 6D 7A A0 22 3B 6B C8 1C 3C FE 99 5A
0D 13 40 11 0B 72 BC C0 FE 3F 6B A6
SHA-1 Fingerprint: AF 9E 5B 6C D3 E1 52 C2 39 49 17 2E FA FF 18 10 4C BE 5C 79
MD5 Fingerprint: 52 93 B5 0A BE 6C 95 F9 FC BE 67 E4 88 A5 4F B7
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKHLMcJsU9Lk/lOjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTExNS5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTE1LmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAAJwccrTugGu3E1hbCZccTtTcNLEMAlCJlf/yWwFcUEDW9w8VKQ+cFMg0MDMuvPNK9lbbv4qPtyH56sT8PLVhXJdfiGfGYQn7WzMYazzdJk/RF8fivPOnR+Pxmu2OwJ5yisb+w2OzErTVCz3gIHjWMKRisO73wgJeRtKGlcVWmlQs/jndOci4RYT6JyFvnSW0eRC9EIRk5A6na3oQG8rPJvp81jURkTfCopC67+9/sl26+xtmnCxoJnJxxDocnbX0tqZThkUpGPtYcndvIOmvi4o58zPjAjGMF0hwGqYrtE8z7zfZ7k/ftvNMLky9dAZYNbQSvPjJZPFPGAjqNA8+E4=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/8010/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/8010/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/8010/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
|-Issuer : C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
|-Valid From : Aug 01 12:00:00 2013 GMT
|-Valid To : Jan 15 12:00:00 2038 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/8010/www
The following root Certification Authority certificate was found :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/8010/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8010/www
A TLSv1.2 server answered on this port.
tcp/8010/www
A web server is running on this port through TLSv1.2.
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/80/www
URL : http://net-216-37-68-115.in-addr.worldspice.net/
Version : unknown
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/8010/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.115 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.115
Hop Count: 16
11154 - Unknown Service Detection: Banner Retrieval
-
There is an unknown service running on the remote host.
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Published: 2002/11/18, Modified: 2022/07/26
tcp/1202
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :
Port : 1202
Type : get_http
Banner :
0x00: 01 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00 ....g...........
0x10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
0x60: 00 00 00 00 00 00 00 00 00 00 00 00 ............
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://net-216-37-68-115.in-addr.worldspice.net/QQzyI792a0NK.html
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/8010/www
The following string will be used :
TYPE=password
|
|
|
|
|
0 |
1 |
3 |
0 |
61 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 07:33:23 2023 |
| End time: |
Thu Oct 26 08:30:52 2023 |
|
|
| DNS Name: |
net-216-37-68-116.in-addr.worldspice.net |
| IP: |
216.37.68.116 |
| OS: |
Linux Kernel 3.1 |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2555/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/80/www
URL : http://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/2555/www
URL : https://net-216-37-68-116.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:linux:linux_kernel -> Linux Kernel
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:nginx:nginx -> Nginx
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : unknown
Confidence level : 56
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2555/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Apache
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
nginx
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/2555/www
The remote web server type is :
Apache
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.116 resolves as net-216-37-68-116.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:03:13 GMT
Server: Apache
Location: https://net-216-37-68-116.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-116.in-addr.worldspice.net/">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Server: nginx
Date: Thu, 26 Oct 2023 13:03:14 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 268
Connection: keep-alive
Location: https://net-216-37-68-116.in-addr.worldspice.net/smgdownload
Strict-Transport-Security: max-age=86400; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-116.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2555/www
Response Code : HTTP/1.1 403 Forbidden
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:03:13 GMT
Server: Apache
Content-Length: 321
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8004/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:03:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Response Body :
system is not profiled for ignite anywhere
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1067
Port 1067/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2555/www
Port 2555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/5713
Port 5713/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8004/www
Port 8004/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/16384
Port 16384/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 85.611 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 7:33 CDT
Scan duration : 3439 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Linux Kernel 3.1
Confidence level : 56
Method : MLSinFP
The remote host is running Linux Kernel 3.1
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2555/www
This port supports TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
net-216-37-68-116.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2555/www
The host name known by Nessus is :
net-216-37-68-116.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/443/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2555/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/443/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2555/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2555/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/443/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2555/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2555/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2555/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2555/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2555/www
A TLSv1.2 server answered on this port.
tcp/2555/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8004/www
A web server is running on this port.
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/80/www
URL : http://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/2555/www
URL : https://net-216-37-68-116.in-addr.worldspice.net:2555/
Version : unknown
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=86400; includeSubDomains
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
62564 - TLS Next Protocols Supported
-
The remote service advertises one or more protocols as being supported over TLS.
This script detects which protocols are advertised by the remote service to be encapsulated by TLS connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service may be falsely advertising these protocols and / or failing to advertise other supported protocols.
Published: 2012/10/16, Modified: 2022/04/11
tcp/443/www
The target advertises that the following protocols are
supported over SSL / TLS:
h2
http/1.1
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2555/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.116 :
192.168.100.162
192.168.100.1
216.37.68.116
Hop Count: 2
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://net-216-37-68-116.in-addr.worldspice.net/mMt_OM7ly1GC.html
106375 - nginx HTTP Server Detection
-
The nginx HTTP server was detected on the remote host.
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
Published: 2018/01/26, Modified: 2023/05/24
tcp/443/www
URL : https://net-216-37-68-116.in-addr.worldspice.net/
Version : unknown
source : Server: nginx
|
|
|
|
|
0 |
1 |
3 |
0 |
61 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 08:30:52 2023 |
| End time: |
Thu Oct 26 09:28:48 2023 |
|
|
| DNS Name: |
net-216-37-68-117.in-addr.worldspice.net |
| IP: |
216.37.68.117 |
| OS: |
Check Point GAiA |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2555/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=*.m.reyrey.net
|-Issuer : C=US/O=Let's Encrypt/CN=R3
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/80/www
URL : http://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown
Source : Server: Apache
backported : 0
48204 - Apache HTTP Server Version
-
It is possible to obtain the version number of the remote Apache HTTP server.
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
|
|
| XREF |
IAVT:0001-T-0030 |
| XREF |
IAVT:0001-T-0530 |
Published: 2010/07/30, Modified: 2023/08/17
tcp/2555/www
URL : https://net-216-37-68-117.in-addr.worldspice.net:2555/
Version : unknown
Source : Server: Apache
backported : 0
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:checkpoint:gaia_os -> CheckPoint GAiA OS
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:nginx:nginx -> Nginx
cpe:/a:solarwinds:server_and_application_monitor -> Solarwinds Server and Application Monitor (SAM)
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : unknown
Confidence level : 56
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2555/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Apache
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/443/www
The remote web server type is :
nginx
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/2555/www
The remote web server type is :
Apache
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.117 resolves as net-216-37-68-117.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:58:21 GMT
Server: Apache
Location: https://net-216-37-68-117.in-addr.worldspice.net/
Content-Length: 257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-117.in-addr.worldspice.net/">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Server: nginx
Date: Thu, 26 Oct 2023 13:58:22 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 268
Connection: keep-alive
Location: https://net-216-37-68-117.in-addr.worldspice.net/smgdownload
Strict-Transport-Security: max-age=86400; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://net-216-37-68-117.in-addr.worldspice.net/smgdownload">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2555/www
Response Code : HTTP/1.1 403 Forbidden
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:58:21 GMT
Server: Apache
Content-Length: 321
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8004/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 26 Oct 2023 13:58:22 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Response Body :
system is not profiled for ignite anywhere
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/1067
Port 1067/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2555/www
Port 2555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/5713
Port 5713/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8004/www
Port 8004/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/16384
Port 16384/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 76.286 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 8:31 CDT
Scan duration : 3466 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Check Point GAiA
Confidence level : 56
Method : MLSinFP
The remote host is running Check Point GAiA
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2555/www
This port supports TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
net-216-37-68-117.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2555/www
The host name known by Nessus is :
net-216-37-68-117.in-addr.worldspice.net
The Common Name in the certificate is :
*.m.reyrey.net
The Subject Alternate Name in the certificate is :
*.m.reyrey.net
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/443/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2555/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.m.reyrey.net
|-Not After : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/443/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2555/www
The SSL certificate will expire within 60 days, at
Dec 13 22:12:48 2023 GMT :
Subject : CN=*.m.reyrey.net
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 14 22:12:49 2023 GMT
Not valid after : Dec 13 22:12:48 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2555/www
Subject Name:
Common Name: *.m.reyrey.net
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 B3 CC 35 93 D3 EE EC F8 DD F1 F0 F0 E9 67 09 CB F3
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 14 22:12:49 2023 GMT
Not Valid After: Dec 13 22:12:48 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 AA E5 3D 83 1E 6B 2B 1D 37 90 A0 98 CC 2D 8C 4A E1 8F 15
BC 65 4A C2 24 E6 6C F5 F4 37 B7 A0 76 4F 46 BC C2 98 3F 92
45 9D EC 74 FB B6 64 36 7C F2 C1 13 46 0C 48 AA 4C 8D 65 3E
8A D2 CA 7F 99 43 06 2A 03 88 62 8E BE 51 74 78 2B 8D 5C 47
69 2E 76 29 CA F5 2B 07 7A F7 33 35 05 FF 88 00 6C 13 F3 6D
74 3C BD F7 02 4F 5B 65 0F 42 68 11 05 BF 67 78 38 92 67 D3
3B 13 EA 1D A9 29 76 17 26 97 D9 34 5F C1 D2 13 80 18 13 4A
43 0D 27 FE 3A 7F 56 BA F6 9A 06 9F 06 B8 1F 5A 53 E3 9B 47
BC EA B2 96 F7 1A 09 EB 9D C7 F9 30 A8 55 49 09 54 D0 C5 1A
9D 02 45 69 DB A0 28 13 41 87 97 85 C1 63 D4 50 C7 98 76 EA
0C A0 FA F5 D1 EB 5F AA A7 2B CF 1C 29 7F 4A 31 E6 FE 1A 89
4F D6 95 88 48 8A 6B 2D AD E7 4D 98 E7 1F FB 99 FA CB 32 37
32 19 A7 A8 20 53 F1 EF 63 B6 9D BB 6C A7 04 A5 81
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 2D CA 40 3C B1 94 5B 19 89 ED 17 FA 2C 79 76 B0 86 7D C0
C5 BC 75 A5 BC 5F 73 F7 62 0A 89 52 55 51 10 F9 04 BA 4A B6
8D 3A 25 25 AF 0E FD 54 EB 28 93 22 E2 B0 9A 78 3C 25 71 8A
E4 CE 7C A2 62 A8 D2 E0 14 A4 3B C4 7E A0 0F C3 D1 94 CA F3
78 27 1C EA 9C 00 BA D3 79 EE 95 19 C8 9A 93 30 FD 3A 65 11
C3 27 CA 80 8F 1D EC B0 28 5A 86 77 25 97 A4 10 68 1A A7 B1
EE 67 00 08 BE D9 C0 D3 67 6B 32 75 D5 83 5B 9D 03 38 DE E3
4D 06 52 70 B6 7F 80 E5 E7 96 36 68 1C D2 83 2A 21 C7 C3 76
82 81 52 19 94 6A D7 D5 89 FD 66 99 5E CB 40 D9 72 69 DF ED
EE DA 8A CC BE B0 55 F3 38 C2 10 FB FA 29 D9 85 3E 0B 57 2A
80 C7 EF 76 AA 23 BD 2C AD D7 41 E3 4E C8 E1 0D 21 C9 EA FB
4C 0A 36 7A 48 1A A1 5A 1C 25 1F 4C 26 F9 71 2E BC A3 4C 9B
72 44 94 8D 0B F0 89 C0 1B 7E 22 B9 4F 13 77 96 AB
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: BF D3 57 0F 8F 25 EB 8B 86 50 18 77 9C 42 70 B0 13 CA B7 AA
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.m.reyrey.net
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F3 00 F1 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 95 F7 F2 74 00 00 04 03 00 47 30 45 02 20 56 5E
44 98 27 6A 80 E4 3F 3E 17 A7 00 91 9D 75 1C 8B 06 5A 6F 6D
CE D2 0D 2F 09 EA DB 3E 02 4D 02 21 00 B5 70 58 23 EC 0D 3A
EE 9C 71 E7 0D 03 E3 A2 C5 E8 81 2F AA 34 5E 63 00 DF E1 8C
E3 F2 49 E2 F5 00 77 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0
52 1E E9 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB 52
00 00 01 8A 95 F7 F2 8B 00 00 04 03 00 48 30 46 02 21 00 D6
80 05 A2 4D A7 CA B3 41 34 40 EB 47 E1 4D 36 E2 67 22 D4 F4
DA 7E 61 87 33 40 46 90 37 C8 49 02 21 00 FB 18 11 AA D2 D8
1A E1 A6 24 AF 4A 08 1C 6E BF 51 1F 44 89 83 ED 35 9F 8B 11
B8 2A 53 AD 01 26
Fingerprints :
SHA-256 Fingerprint: F5 0B E9 01 23 99 87 83 D7 EF 60 D4 B1 3C A4 08 2C AA 8D 2A
1F D4 51 FF 7E B9 97 93 4A 26 C2 83
SHA-1 Fingerprint: A0 AD 31 25 BB 7A F8 B0 59 06 38 76 D2 8F 5D A8 D7 F5 28 94
MD5 Fingerprint: 39 29 E7 7A 9D 87 B4 45 29 E1 F3 C9 33 6F FA C0
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgISA7PMNZPT7uz43fHw8OlnCcvzMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MTQyMjEyNDlaFw0yMzEyMTMyMjEyNDhaMBkxFzAVBgNVBAMMDioubS5yZXlyZXkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU9gx5rKx03kKCYzC2MSuGPFbxlSsIk5mz19De3oHZPRrzCmD+SRZ3sdPu2ZDZ88sETRgxIqkyNZT6K0sp/mUMGKgOIYo6+UXR4K41cR2kudinK9SsHevczNQX/iABsE/NtdDy99wJPW2UPQmgRBb9neDiSZ9M7E+odqSl2FyaX2TRfwdITgBgTSkMNJ/46f1a69poGnwa4H1pT45tHvOqylvcaCeudx/kwqFVJCVTQxRqdAkVp26AoE0GHl4XBY9RQx5h26gyg+vXR61+qpyvPHCl/SjHm/hqJT9aViEiKay2t502Y5x/7mfrLMjcyGaeoIFPx72O2nbtspwSlgQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS/01cPjyXri4ZQGHecQnCwE8q3qjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAZBgNVHREEEjAQgg4qLm0ucmV5cmV5Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABipX38nQAAAQDAEcwRQIgVl5EmCdqgOQ/PhenAJGddRyLBlpvbc7SDS8J6ts+Ak0CIQC1cFgj7A067pxx5w0D46LF6IEvqjReYwDf4Yzj8kni9QB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABipX38osAAAQDAEgwRgIhANaABaJNp8qzQTRA60fhTTbiZyLU9Np+YYczQEaQN8hJAiEA+xgRqtLYGuGmJK9KCBxuv1EfRImD7TWfixG4KlOtASYwDQYJKoZIhvcNAQELBQADggEBAC3KQDyxlFsZie0X+ix5drCGfcDFvHWlvF9z92IKiVJVURD5BLpKto06JSWvDv1U6yiTIuKwmng8JXGK5M58omKo0uAUpDvEfqAPw9GUyvN4JxzqnAC603nulRnImpMw/TplEcMnyoCPHeywKFqGdyWXpBBoGqex7mcACL7ZwNNnazJ11YNbnQM43uNNBlJwtn+A5eeWNmgc0oMqIcfDdoKBUhmUatfVif1mmV7LQNlyad/t7tqKzL6wVfM4whD7+inZhT4LVyqAx+92qiO9LK3XQeNOyOENIcnq+0wKNnpIGqFaHCUfTCb5cS68o0ybckSUjQvwicAbfiK5TxN3lqs=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/443/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2555/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2555/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2555/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/443/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2555/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2555/www
A TLSv1.2 server answered on this port.
tcp/2555/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8004/www
A web server is running on this port.
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/80/www
URL : http://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown
91459 - SolarWinds Server & Application Monitor (SAM) Detection
-
A server and application performance monitoring solution is running on the remote host.
SolarWinds Server & Application Monitor (SAM), a server and application performance monitoring solution, is running on the remote host.
Published: 2016/06/03, Modified: 2023/10/16
tcp/2555/www
URL : https://net-216-37-68-117.in-addr.worldspice.net:2555/
Version : unknown
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=86400; includeSubDomains
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
62564 - TLS Next Protocols Supported
-
The remote service advertises one or more protocols as being supported over TLS.
This script detects which protocols are advertised by the remote service to be encapsulated by TLS connections.
Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service may be falsely advertising these protocols and / or failing to advertise other supported protocols.
Published: 2012/10/16, Modified: 2022/04/11
tcp/443/www
The target advertises that the following protocols are
supported over SSL / TLS:
h2
http/1.1
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2555/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.117 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
96.108.31.146
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.117
Hop Count: 17
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://net-216-37-68-117.in-addr.worldspice.net/vMakhcstxGmw.html
106375 - nginx HTTP Server Detection
-
The nginx HTTP server was detected on the remote host.
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
Published: 2018/01/26, Modified: 2023/05/24
tcp/443/www
URL : https://net-216-37-68-117.in-addr.worldspice.net/
Version : unknown
source : Server: nginx
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 09:28:48 2023 |
| End time: |
Thu Oct 26 10:06:12 2023 |
|
|
| DNS Name: |
net-216-37-68-118.in-addr.worldspice.net |
| IP: |
216.37.68.118 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.118 resolves as net-216-37-68-118.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 1.739 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 9:29 CDT
Scan duration : 2230 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.118 :
192.168.100.162
192.168.100.1
216.37.68.118
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 10:00:25 2023 |
| End time: |
Thu Oct 26 10:37:56 2023 |
|
|
| DNS Name: |
net-216-37-68-119.in-addr.worldspice.net |
| IP: |
216.37.68.119 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.119 resolves as net-216-37-68-119.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.334 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:00 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.119 :
192.168.100.162
192.168.100.1
216.37.68.119
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 10:06:12 2023 |
| End time: |
Thu Oct 26 10:43:37 2023 |
|
|
| DNS Name: |
net-216-37-68-120.in-addr.worldspice.net |
| IP: |
216.37.68.120 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.120 resolves as net-216-37-68-120.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.661 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:06 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.120 :
192.168.100.162
192.168.100.1
216.37.68.120
Hop Count: 2
|
|
|
|
|
0 |
2 |
3 |
3 |
24 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 10:37:56 2023 |
| End time: |
Thu Oct 26 10:55:46 2023 |
|
|
| DNS Name: |
mail.wmww.com |
| IP: |
216.37.68.121 |
| OS: |
CISCO IOS 15, CISCO IOS 12, Cisco IOS XE, CISCO PIX |
96802 - Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)
-
A remote device is affected by an information disclosure vulnerability.
The IKE service running on the remote Cisco IOS device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings.
BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvb29204.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.1 (CVSS2#E:F/RL:OF/RC:C)
|
|
| BID |
93003 |
| CVE |
CVE-2016-6415 |
| XREF |
CISCO-BUG-ID:CSCvb29204 |
| XREF |
CISCO-SA:cisco-sa-20160916-ikev1 |
| XREF |
CISA-KNOWN-EXPLOITED:2023/06/09 |
Published: 2017/01/26, Modified: 2023/05/20
udp/500/ike
Memory content was returned in the following Notification payload :
0x0000: 00 00 00 01 01 00 00 0E 00 00 04 28 00 00 00 01 ...........(....
0x0010: 00 00 00 01 0C B1 00 00 03 0D 0D 60 00 00 00 02 ...........`....
0x0020: 03 0D 0D 60 44 00 00 82 03 0D 0D 60 00 00 00 06 ...`D......`....
0x0030: 0D 68 3A A8 0D 1B 59 78 03 0D 0D 80 0F 49 28 40 .h:...Yx.....I(@
0x0040: 03 0D 0D A8 08 75 BD 54 03 0D 0D 80 0F 48 53 20 .....u.T.....HS
0x0050: 01 00 BC FC 00 00 00 12 01 00 BC E4 00 00 00 01 ................
0x0060: 03 0D 0D E0 09 6B 01 0C 01 00 00 00 00 00 00 00 .....k..........
0x0070: 00 00 00 00 00 00 00 00 00 00 00 00 09 84 C3 C8 ................
0x0080: 0F 49 28 40 03 0D 0E A0 03 0D 0E 9C 03 0D 0E 98 .I(@............
0x0090: 0D 61 00 00 0E 06 13 90 03 0D 0E A8 0B 73 6E 88 .a...........sn.
0x00A0: 00 00 00 00 00 00 00 18 0F 08 C6 68 01 00 C1 60 ...........h...`
0x00B0: 00 00 00 03 00 00 00 05 0F 08 C6 68 01 00 BC E4 ...........h....
0x00C0: 03 0D 0D F0 09 66 73 2C 0B 7E 6F 28 0B 7E 70 90 .....fs,.~o(.~p.
0x00D0: 03 0D 0E 18 09 BF FA EC 03 0D 0E 38 0E 05 FF D8 ...........8....
0x00E0: 01 00 BC E4 0F 08 C6 68 00 00 00 03 09 BF F9 E0 .......h........
0x00F0: 00 00 00 03 00 00 00 05 03 0D 0E 38 09 BF FB 64 ...........8...d
0x0100: 09 BF F9 D8 09 BF F9 E0 02 F3 F9 24 01 00 BC E4 ...........$....
0x0110: 00 00 00 01 0E 06 12 00 03 0D 0E 60 09 66 57 E4 ...........`.fW.
0x0120: 08 78 77 D8 0E 05 FF D8 0C CE FD E8 00 00 00 00 .xw.............
0x0130: 0E 06 13 88 01 00 BC E4 01 00 93 68 0F 08 C6 68 ...........h...h
0x0140: 03 0D 0E 78 09 66 59 B0 0E 06 13 88 00 00 00 03 ...x.fY.........
0x0150: 01 00 BC E4 01 00 93 68 03 0D 0E 90 09 6C 00 A8 .......h.....l..
0x0160: FF FF FF FF 00 00 00 04 FF FF FF FF 00 00 00 00 ................
0x0170: 03 0D 0F 00 09 6C EC 6C 00 00 00 02 00 00 00 01 .....l.l........
0x0180: 0F 7C B7 FC FF FF FF FF 00 00 00 00 FF FF FF FF .|..............
0x0190: FF FF FF FF FF FF FF FF 09 6C EA 60 00 00 00 00 .........l.`....
0x01A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
0x01E0: 03 0D 0F 08 05 CA 01 88 00 00 00 00 05 C8 74 64 ..............td
0x01F0: FD 01 10 DF AB 12 34 CD FF FE 00 00 00 00 00 00 ......4.........
0x0200: 0B 81 19 D0 09 71 02 34 03 0D 0F 60 03 0C E0 14 .....q.4...`....
0x0210: 80 00 00 0E 00 00 00 01 00 00 00 00 01 00 00 01 ................
0x0220: 0E 42 1E C8 0B 80 18 A0 0B 80 03 7C 00 00 00 00 .B.........|....
0x0230: 00 00 01 36 00 00 00 00 00 00 00 00 FD 01 10 DF ...6............
0x0240: AB 12 34 CD FF FE 00 00 00 00 00 00 0A 4E 9D F8 ..4..........N..
0x0250: 09 BF AC 64 03 0D 0F AC 03 0D 0F 28 80 00 00 0E ...d.......(....
0x0260: 00 00 00 01 00 00 00 00 01 00 00 01 0E 42 1E C8 .............B..
0x0270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0280: 00 00 00 00 00 00 00 00 FD 01 10 DF AB 12 34 CD ..............4.
0x0290: FF FE 00 00 00 00 00 00 0B 86 14 64 09 82 97 C0 ...........d....
0x02A0: 03 0D 10 54 03 0D 0F 74 80 00 00 3C 00 00 00 01 ...T...t...<....
0x02B0: 00 00 00 00 01 00 00 01 0E 42 1E C8 02 F3 FC 10 .........B......
0x02C0: 0E 10 E5 CC 00 00 00 00 00 00 00 00 0E 10 E5 CC ................
0x02D0: 00 00 00 28 00 00 00 00 00 00 00 7C 00 00 00 80 ...(.......|....
0x02E0: 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 48 ...............H
0x02F0: 00 00 00 00 00 00 00 41 0D 68 3A A8 00 00 00 00 .......A.h:.....
0x0300: 00 00 00 00 00 00 00 00 00 00 00 00 53 41 44 42 ............SADB
0x0310: 20 53 41 20 48 65 61 64 65 72 20 00 03 0D 10 50 SA Header ....P
0x0320: 03 0D 10 50 00 00 00 00 00 00 00 00 00 00 00 01 ...P............
0x0330: FD 01 10 DF AB 12 34 CD FF FE 00 00 00 00 00 00 ......4.........
0x0340: 0A 4E 9D F8 08 7B D8 9C 03 0D 10 A0 03 0D 0F C0 .N...{..........
0x0350: 80 00 00 0E 00 00 00 01 00 00 00 00 01 00 00 01 ................
0x0360: 0E 42 1E C8 00 00 00 00 00 00 00 00 00 00 00 00 .B..............
0x0370: 00 00 00 00 00 00 00 00 00 00 00 00 FD 01 10 DF ................
0x0380: AB 12 34 CD 01 38 00 00 00 00 01 38 0A 49 DA A0 ..4..8.....8.I..
0x0390: 08 78 99 A0 03 0D 14 04 03 0D 10 68 80 00 01 9A .x.........h....
0x03A0: 00 00 00 01 00 00 00 00 01 00 01 3F 01 BF 84 74 ...........?...t
0x03B0: 0F CC 4B 34 0F CC 79 70 00 00 00 00 09 70 AB 5C ..K4..yp.....p.\
0x03C0: 00 00 00 00 0B 81 0A 0C 0D 61 00 00 0B 4A 99 08 .........a...J..
0x03D0: 0B 81 09 C8 0B 81 09 9C 0D 61 00 00 0D 61 00 00 .........a...a..
0x03E0: 0B 81 09 58 0F CC 79 B8 0F CC 79 B0 0F CC 79 AC ...X..y...y...y.
0x03F0: 0F CC 79 A8 0E 06 1D 80 0E F3 23 34 00 00 00 00 ..y.......#4....
0x0400: 0C 25 00 00 24 00 00 28 08 78 78 40 02 02 92 00 .%..$..(.xx@....
0x0410: 00 00 00 00 00 00 00 00 00 00 00 00 09 70 AB 5C .............p.\
0x0420: 00 00 00 00 00 01 00 00 00 00 00 01 00 00 00 00 ................
0x0430:
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
62694 - Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
-
The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.
- Disable Aggressive Mode if supported.
- Do not use Pre-Shared key for authentication if it's possible.
- If using Pre-Shared key cannot be avoided, use very strong keys.
- If possible, do not allow VPN connections from any IP addresses.
Note that this plugin does not run over IPv6.
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2012/10/24, Modified: 2021/08/13
udp/500/ike
42263 - Unencrypted Telnet Server
-
The remote Telnet server transmits traffic in cleartext.
The remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
Disable the Telnet service and use SSH instead.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 2009/10/27, Modified: 2020/06/12
tcp/23/telnet
Nessus collected the following banner from the remote Telnet server :
------------------------------ snip ------------------------------
-------------------------------------
Reynolds & Reynolds Maintained Device
Unauthorized Access is Prohibited!
-------------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------
70658 - SSH Server CBC Mode Ciphers Enabled
-
The SSH server is configured to use Cipher Block Chaining.
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
Published: 2013/10/28, Modified: 2018/07/30
tcp/22/ssh
The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
153953 - SSH Weak Key Exchange Algorithms Enabled
-
The remote SSH server is configured to allow weak key exchange algorithms.
The remote SSH server is configured to allow key exchange algorithms which are considered weak.
This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
gss-gex-sha1-*
gss-group1-sha1-*
gss-group14-sha1-*
rsa1024-sha1
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable the weak algorithms.
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published: 2021/10/13, Modified: 2021/10/13
tcp/22/ssh
The following weak key exchange algorithms are enabled :
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
71049 - SSH Weak MAC Algorithms Enabled
-
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published: 2013/11/22, Modified: 2016/12/14
tcp/22/ssh
The following client-to-server Message Authentication Code (MAC) algorithms
are supported :
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms
are supported :
hmac-sha1-96
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:cisco:ios:12 -> Cisco IOS
cpe:/o:cisco:ios:15 -> Cisco IOS
cpe:/o:cisco:ios_xe -> Cisco IOS XE
cpe:/o:cisco:pix_firewall -> Cisco PIX Firewall Software
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : router
Confidence level : 69
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.121 resolves as mail.wmww.com.
11935 - IPSEC Internet Key Exchange (IKE) Version 1 Detection
-
A VPN server is listening on the remote port.
The remote host seems to be enabled to do Internet Key Exchange (IKE) version 1. This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources.
Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy.
Note that if the remote host is not configured to allow the Nessus host to perform IKE/IPSEC negotiations, Nessus won't be able to detect the IKE service.
Also note that this plugin does not run over IPv6.
If this service is not needed, disable it or filter incoming traffic to this port.
Published: 2003/12/02, Modified: 2020/09/22
udp/500/ike
62695 - IPSEC Internet Key Exchange (IKE) Version 2 Detection
-
A VPN server is listening on the remote port.
The remote host seems to be enabled to do Internet Key Exchange (IKE).
This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources.
Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy.
Note that if the remote host is not configured to allow the Nessus host to perform IKE/IPSEC negotiations, Nessus won't be able to detect the IKE service.
Also note that this plugin does not run over IPv6.
If this service is not needed, disable it or filter incoming traffic to this port.
Published: 2012/10/24, Modified: 2020/09/22
udp/500/ike
Nessus was able to get the following IKE vendor ID(s) :
CISCO-DELETE-REASON
FLEXVPN-SUPPORTED
46215 - Inconsistent Hostname and IP Address
-
The remote host's hostname is not consistent with DNS information.
The name of this machine either does not resolve or resolves to a different IP address.
This may come from a badly configured reverse DNS or from a host file in use on the Nessus scanning host.
As a result, URLs in plugin output may not be directly usable in a web browser and some web tests may be incomplete.
Fix the reverse DNS or host file.
Published: 2010/05/03, Modified: 2016/08/05
tcp/0
The host name 'mail.wmww.com' resolves to 76.223.54.146, not to 216.37.68.121
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/22/ssh
Port 22/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/23/telnet
Port 23/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 78.030 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:37 CDT
Scan duration : 1070 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : CISCO IOS 15
CISCO IOS 12
Cisco IOS XE
CISCO PIX
Confidence level : 69
Method : SSH
The remote host is running one of these operating systems :
CISCO IOS 15
CISCO IOS 12
Cisco IOS XE
CISCO PIX
117886 - OS Security Patch Assessment Not Available
-
OS Security Patch Assessment is not available.
OS Security Patch Assessment is not available on the remote host.
This does not necessarily indicate a problem with the scan.
Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may have occurred that prevented OS security patch assessment from being available. See plugin output for details.
This plugin reports non-failure information impacting the availability of OS Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not Supported' will report concurrently with this plugin.
Published: 2018/10/02, Modified: 2021/07/12
tcp/0
The following issues were reported :
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 23 (17 hops away)
- 22 (17 hops away)
The operating system was identified as :
CISCO IOS 12.1
CISCO IOS 12.4
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
70657 - SSH Algorithms and Languages Supported
-
An SSH server is listening on this port.
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Published: 2013/10/28, Modified: 2017/08/28
tcp/22/ssh
Nessus negotiated the following encryption algorithm with the server :
The server supports the following options for kex_algorithms :
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
The server supports the following options for server_host_key_algorithms :
ssh-rsa
The server supports the following options for encryption_algorithms_client_to_server :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
The server supports the following options for encryption_algorithms_server_to_client :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
The server supports the following options for mac_algorithms_client_to_server :
hmac-sha1
hmac-sha1-96
The server supports the following options for mac_algorithms_server_to_client :
hmac-sha1
hmac-sha1-96
The server supports the following options for compression_algorithms_client_to_server :
none
The server supports the following options for compression_algorithms_server_to_client :
none
149334 - SSH Password Authentication Accepted
-
The SSH server on the remote host accepts password authentication.
The SSH server on the remote host accepts password authentication.
Published: 2021/05/07, Modified: 2021/05/07
tcp/22/ssh
10881 - SSH Protocol Versions Supported
-
A SSH server is running on the remote host.
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Published: 2002/03/06, Modified: 2021/01/19
tcp/22/ssh
The remote SSH daemon supports the following versions of the
SSH protocol :
- 1.99
- 2.0
153588 - SSH SHA-1 HMAC Algorithms Enabled
-
The remote SSH server is configured to enable SHA-1 HMAC algorithms.
The remote SSH server is configured to enable SHA-1 HMAC algorithms.
Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions.
Note that this plugin only checks for the options of the remote SSH server.
Published: 2021/09/23, Modified: 2022/04/05
tcp/22/ssh
The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :
hmac-sha1
hmac-sha1-96
The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :
hmac-sha1
hmac-sha1-96
10267 - SSH Server Type and Version Information
-
An SSH server is listening on this port.
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Published: 1999/10/12, Modified: 2020/09/22
tcp/22/ssh
SSH version : SSH-2.0-Cisco-1.25
SSH supported authentication : publickey,keyboard-interactive,password
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/22/ssh
An SSH server is running on this port.
110723 - Target Credential Status by Authentication Protocol - No Credentials Provided
-
Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan policy.
Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote service using the provided credentials. There may have been a protocol failure that prevented authentication from being attempted or all of the provided credentials for the authentication protocol may be invalid. See plugin output for error details.
Please note the following :
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Published: 2018/06/27, Modified: 2023/02/13
tcp/0
SSH was detected on port 22 but no credentials were provided.
SSH local checks were not enabled.
10281 - Telnet Server Detection
-
A Telnet server is listening on the remote port.
The remote host is running a Telnet server, a remote terminal server.
Disable this service if you do not use it.
Published: 1999/10/12, Modified: 2020/06/12
tcp/23/telnet
Here is the banner from the remote Telnet server :
------------------------------ snip ------------------------------
-------------------------------------
Reynolds & Reynolds Maintained Device
Unauthorized Access is Prohibited!
-------------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.121 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
96.108.31.146
162.151.119.145
68.86.95.113
96.110.34.98
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.121
Hop Count: 17
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 10:43:37 2023 |
| End time: |
Thu Oct 26 11:21:09 2023 |
|
|
| DNS Name: |
net-216-37-68-122.in-addr.worldspice.net |
| IP: |
216.37.68.122 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.122 resolves as net-216-37-68-122.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.494 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:43 CDT
Scan duration : 2239 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.122 :
192.168.100.162
192.168.100.1
216.37.68.122
Hop Count: 2
|
|
|
|
|
0 |
1 |
4 |
0 |
33 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 10:55:46 2023 |
| End time: |
Thu Oct 26 11:46:54 2023 |
|
|
| DNS Name: |
net-216-37-68-123.in-addr.worldspice.net |
| IP: |
216.37.68.123 |
| OS: |
Microsoft Windows 10 |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
142960 - HSTS Missing From HTTPS Server (RFC 6797)
-
The remote web server is not enforcing HSTS, as defined by RFC 6797.
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 2020/11/17, Modified: 2023/06/08
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/8010/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/8010/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_10 -> Microsoft Windows 10 64-bit
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:10.0 -> Microsoft IIS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 75
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/8010/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
43111 - HTTP Methods Allowed (per directory)
-
This plugin determines which HTTP methods are allowed on various CGI directories.
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Published: 2009/12/10, Modified: 2022/04/11
tcp/80/www
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
10107 - HTTP Server Type and Version
-
A web server is running on the remote host.
This plugin attempts to determine the type and the version of the remote web server.
Published: 2000/01/04, Modified: 2020/10/30
tcp/80/www
The remote web server type is :
Microsoft-IIS/10.0
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.123 resolves as net-216-37-68-123.in-addr.worldspice.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
Content-Type: text/html
Last-Modified: Mon, 09 Jul 2018 21:05:27 GMT
Accept-Ranges: bytes
ETag: "ba9fd28fc817d41:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 26 Oct 2023 16:17:32 GMT
Content-Length: 703
Response Body :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#0072C6;
margin:0;
}
#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}
a img {
border:none;
}
-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/8010/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Length: 4532
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://net-216-37-68-123.in-addr.worldspice.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443
Port 443/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/8010/www
Port 8010/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 77.867 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 10:55 CDT
Scan duration : 3059 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Microsoft Windows 10
Confidence level : 75
Method : HTTP
The remote host is running Microsoft Windows 10
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 8010 (15 hops away)
- 443 (15 hops away)
- 80 (15 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/8010/www
This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/8010/www
Subject Name:
Common Name: net-216-37-68-123.in-addr.worldspice.net
Issuer Name:
Country: US
State/Province: California
Locality: Sunnyvale
Organization: Fortinet
Organization Unit: Certificate Authority
Common Name: FG3H0ETB18900177
Email Address: support@fortinet.com
Serial Number: 03 17 59 21 BB 10 4F B1 C8 37
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Aug 16 15:34:19 2020 GMT
Not Valid After: Aug 17 15:34:19 2030 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C8 48 4C 21 D2 46 4B 98 4B 33 89 52 BE B6 6A EF D4 82 E7
F2 8A 49 C1 8A F9 8C 67 17 93 4F 8B 98 6F 13 0D 7F 9F F8 23
91 49 1E 97 58 B6 A7 CD D6 1E C5 15 26 B8 3A 03 BD 0C 38 CC
1B E3 77 23 76 33 1D E3 CF 80 BF 5A E4 08 FE 9F B2 22 71 68
FF E7 79 CA D2 EC FC 6E 91 7E 7B 85 BA 40 43 30 FD AF 14 14
FD 61 5D 6E 03 AD 0B 72 4A B0 4D 9F 3E 0C 4D 73 66 11 88 6F
C8 6D A3 38 05 79 2E 68 12 2D 34 B3 67 A8 C2 A2 47 FD 69 67
17 A0 BB 09 92 9C 05 13 A1 C5 C1 4B 91 23 11 8B 9D 0A E0 0C
AA E9 23 5C 49 75 2A 20 25 3A 1F F7 BE A8 26 B8 48 4B D8 30
AF 76 2C 7B C1 4D AD 00 7D 18 38 88 D1 1A 99 BA 72 B4 F6 59
14 29 79 ED A6 6E B7 F6 B7 BA 3B 1B 7C 2B 66 EE 68 98 F8 DA
4C 82 00 F0 02 28 84 47 C2 E3 35 4A 0F D9 9D 0B F3 A3 84 9E
F9 16 3E 8D 05 34 1F 17 00 DE 0B F3 ED D9 CA 81 17
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 40 8C D2 63 34 66 FC 63 A5 80 97 6D FA B8 62 52 67 69 7D
59 4B D0 D9 49 8B B4 93 95 A1 D2 72 FC 40 8A A6 B7 B7 13 7B
8E 3D F6 6B C9 9B 4F 1A 70 CB 05 9D 53 90 8B BA A9 79 D5 1C
3D 14 68 0A 02 EE 03 DA D5 BB 63 8B 53 EE 2A A2 B4 EA 86 FF
73 FA 42 05 90 C4 D5 41 4D 79 35 66 BA 7B C1 B2 44 E2 AA 59
C9 89 CD CF 59 29 13 43 5A 51 96 27 89 56 8F D5 1D C3 B0 BC
D7 40 21 10 9D BC 86 6B 61 7C B8 37 2C 53 41 AA 64 A1 DB CC
31 13 08 5C 11 DC 4C 24 E2 71 CF 10 13 F3 2D 06 55 BB E6 31
B2 DD 42 61 B9 88 0B DD 1B 2E 9E C1 2E 44 56 56 6F 1D FB FD
D7 09 6A 9A 12 20 E2 79 60 95 0F 9B EB 23 2D 63 AF D9 C8 39
A2 47 98 2B 62 1A 4D 36 DF E8 EB 48 38 90 CC 51 29 59 16 BF
CD 2D A7 CF 06 B0 50 56 8F E4 ED 76 AE 0F EC 0C FA 9B C6 85
4C 53 0E 46 4C D3 4D 62 FF 1C 1A 15 93 E9 A4 47 DA
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: net-216-37-68-123.in-addr.worldspice.net
Fingerprints :
SHA-256 Fingerprint: 1B 21 5B 34 35 77 C0 5B A4 5A 8D E1 78 E2 16 33 D6 F2 75 0B
8F 03 79 B4 6E 68 83 6A DF C1 9E DD
SHA-1 Fingerprint: 9A 41 08 F5 EE F8 C1 10 2D 5D 8D 83 8F FD 4D 91 03 3E 5F 10
MD5 Fingerprint: 58 F2 87 19 EA 76 47 7B 97 95 C0 BB D0 D2 03 6E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDozCCAougAwIBAgIKAxdZIbsQT7HINzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAwwQRkczSDBFVEIxODkwMDE3NzEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwODE2MTUzNDE5WhcNMzAwODE3MTUzNDE5WjAzMTEwLwYDVQQDDChuZXQtMjE2LTM3LTY4LTEyMy5pbi1hZGRyLndvcmxkc3BpY2UubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEhMIdJGS5hLM4lSvrZq79SC5/KKScGK+YxnF5NPi5hvEw1/n/gjkUkel1i2p83WHsUVJrg6A70MOMwb43cjdjMd48+Av1rkCP6fsiJxaP/necrS7PxukX57hbpAQzD9rxQU/WFdbgOtC3JKsE2fPgxNc2YRiG/IbaM4BXkuaBItNLNnqMKiR/1pZxeguwmSnAUTocXBS5EjEYudCuAMqukjXEl1KiAlOh/3vqgmuEhL2DCvdix7wU2tAH0YOIjRGpm6crT2WRQpee2mbrf2t7o7G3wrZu5omPjaTIIA8AIohEfC4zVKD9mdC/OjhJ75Fj6NBTQfFwDeC/Pt2cqBFwIDAQABo0IwQDAJBgNVHRMEAjAAMDMGA1UdEQQsMCqCKG5ldC0yMTYtMzctNjgtMTIzLmluLWFkZHIud29ybGRzcGljZS5uZXQwDQYJKoZIhvcNAQELBQADggEBAECM0mM0ZvxjpYCXbfq4YlJnaX1ZS9DZSYu0k5Wh0nL8QIqmt7cTe4499mvJm08acMsFnVOQi7qpedUcPRRoCgLuA9rVu2OLU+4qorTqhv9z+kIFkMTVQU15NWa6e8GyROKqWcmJzc9ZKRNDWlGWJ4lWj9Udw7C810AhEJ28hmthfLg3LFNBqmSh28wxEwhcEdxMJOJxzxAT8y0GVbvmMbLdQmG5iAvdGy6ewS5EVlZvHfv91wlqmhIg4nlglQ+b6yMtY6/ZyDmiR5grYhpNNt/o60g4kMxRKVkWv80tp88GsFBWj+Ttdq4P7Az6m8aFTFMORkzTTWL/HBoVk+mkR9o=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/8010/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/8010/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/8010/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-CHACHA20-POLY1305 0xCC, 0xAA DH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/8010/www
The following root Certification Authority certificate was found :
|-Subject : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Issuer : C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=FG3H0ETB18900177/E=support@fortinet.com
|-Valid From : Nov 06 06:12:11 2018 GMT
|-Valid To : Nov 06 06:12:11 2028 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/8010/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DH RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DH RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DH RSA Camellia-CBC(256) SHA1
DHE-RSA-SEED-SHA 0x00, 0x9A DH RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256
DHE-RSA-CAMELLIA128-SHA256 0x00, 0xBE DH RSA Camellia-CBC(128) SHA256
DHE-RSA-CAMELLIA256-SHA256 0x00, 0xC4 DH RSA Camellia-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443
The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/8010/www
A TLSv1.2 server answered on this port.
tcp/8010/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/8010/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.123 :
192.168.100.162
An error was detected along the way.
An error was detected along the way.
An error was detected along the way.
192.168.100.1
50.76.212.110
96.120.32.125
68.86.243.9
162.151.119.145
68.86.95.117
96.110.34.102
192.205.32.245
?
12.122.157.73
32.140.20.154
216.37.64.252
216.37.88.107
216.37.68.98
216.37.68.123
Hop Count: 16
10386 - Web Server No 404 Error Code Check
-
The remote web server does not return 404 error codes.
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Published: 2000/04/28, Modified: 2022/06/17
tcp/8010/www
The following string will be used :
TYPE=password
11422 - Web Server Unconfigured - Default Install Page Present
-
The remote web server is not configured or is improperly configured.
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Disable this service if you do not use it.
Published: 2003/03/20, Modified: 2018/08/15
tcp/80/www
The default welcome page is from IIS.
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 11:21:09 2023 |
| End time: |
Thu Oct 26 11:58:40 2023 |
|
|
| DNS Name: |
net-216-37-68-124.in-addr.worldspice.net |
| IP: |
216.37.68.124 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.124 resolves as net-216-37-68-124.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.991 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:21 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.124 :
192.168.100.162
192.168.100.1
216.37.68.124
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 11:46:54 2023 |
| End time: |
Thu Oct 26 12:24:26 2023 |
|
|
| DNS Name: |
net-216-37-68-125.in-addr.worldspice.net |
| IP: |
216.37.68.125 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.125 resolves as net-216-37-68-125.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.842 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:47 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.125 :
192.168.100.162
192.168.100.1
216.37.68.125
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 11:58:40 2023 |
| End time: |
Thu Oct 26 12:36:12 2023 |
|
|
| DNS Name: |
net-216-37-68-126.in-addr.worldspice.net |
| IP: |
216.37.68.126 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.126 resolves as net-216-37-68-126.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.999 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 11:58 CDT
Scan duration : 2238 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.126 :
192.168.100.162
192.168.100.1
216.37.68.126
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Thu Oct 26 12:24:26 2023 |
| End time: |
Thu Oct 26 13:01:55 2023 |
|
|
| DNS Name: |
net-216-37-68-127.in-addr.worldspice.net |
| IP: |
216.37.68.127 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
216.37.68.127 resolves as net-216-37-68-127.in-addr.worldspice.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310261012
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.570 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/26 12:24 CDT
Scan duration : 2235 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 216.37.68.127 :
192.168.100.162
192.168.100.1
216.37.68.127
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 15:46:17 2023 |
| End time: |
Wed Oct 25 16:23:42 2023 |
|
|
| DNS Name: |
xe-1-1-10-3899-sur01.bartlett.tn.malt.comcast.net |
| IP: |
50.206.100.145 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.206.100.145 resolves as xe-1-1-10-3899-sur01.bartlett.tn.malt.comcast.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 74.399 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 15:46 CDT
Scan duration : 2235 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.145 :
192.168.100.162
192.168.100.1
50.206.100.145
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
24 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 15:46:17 2023 |
| End time: |
Wed Oct 25 16:21:28 2023 |
|
|
| IP: |
50.206.100.146 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/443/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : O=Fortinet Ltd./CN=FortiGate
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : firewall
Confidence level : 100
17367 - Fortinet FortiGate Web Console Management Detection
-
A firewall management console is running on the remote host.
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
Filter incoming traffic to this port.
Published: 2005/03/18, Modified: 2023/07/18
tcp/443/www
The following instance of FortiOS Web Interface was detected on the remote host :
Version : >= 5.4
URL : https://50.206.100.146/
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Encoding: gzip
Content-Type: text/html
ETag: b172f9cee57d8826b06dac8859adf13b
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Wed, 25 Oct 2023 21:04:45 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Response Body :
.ã.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 59.572 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 15:46 CDT
Scan duration : 2101 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML
The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 443 (7 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Issuer Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Serial Number: 0E 0B 76 CE 07 EB 8C 0F
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jul 31 20:32:56 2022 GMT
Not Valid After: Jul 31 20:32:56 2032 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 E2 65 7C 22 BD 9D C2 5F F2 8F AC 96 FC 88 68 5E 41 53 85
B6 A1 50 C9 00 A4 09 E4 86 82 36 89 CA F8 6D 2F 1A 01 85 6F
B4 94 5A A8 6B 35 E7 42 68 2A 35 90 9B A9 0E 6B 96 0D ED 50
B1 D3 49 69 09 8C 59 F1 29 38 F7 84 F0 F5 D0 01 B6 57 CE 09
F9 66 C3 FD EA 7D E0 03 3C D7 E8 B3 8C A5 BD 86 B0 32 32 55
1F B2 E3 15 46 48 17 82 51 43 2E AF C2 4D AF 02 04 2D 0C 6E
2D 67 23 31 D0 8C D5 11 22 95 3B A5 50 5A 46 CC 43 87 59 A5
AB 2B 4E B2 60 DA 86 4E 58 0D 98 B2 07 4E 9C BD 6D C3 1D FB
09 15 1D 81 46 B1 96 C3 A1 C4 6D 10 F5 A4 4A 2B D6 B5 22 45
42 04 BD CB 2F B5 54 A7 4B 81 C9 5F 54 CA 3C A0 C7 22 35 31
9A D6 63 1E D9 3E FA E1 D3 F8 4B D6 C8 8D 32 BE 81 15 BA B0
E2 23 16 CF 12 22 CF F7 FA 76 1A FA 9E B2 FC 7C 04 1E 47 FF
96 01 A8 A3 35 57 B8 17 DD E3 1B 27 CF 49 F5 F4 0D
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 5F A1 1F AE 87 17 C6 F4 2A F1 C8 23 E2 17 18 AC E1 21 56
77 68 4D 07 2D 46 06 B6 12 A0 9B 99 A9 E7 8A 2E 50 1A C0 EE
F7 F3 3A B2 A4 69 97 6E 7C 09 81 0A 3C 26 8C 92 5F 94 DD 96
BB C5 C4 E5 AA 99 F0 A6 57 07 33 77 48 19 7A 49 53 F8 73 5A
72 F8 7B ED B9 8C 8F 3D 72 29 51 63 EC 86 64 50 38 D4 39 5B
2A 50 C3 EB 5A 45 3C 0B 02 7F 22 5A FD 26 90 CE CF 7D 7D F4
9E 8D A6 9B 31 45 60 46 50 7E D8 3F 11 0B 50 50 4B 34 70 A9
E7 A3 49 FF 51 F1 B8 2D 7D 28 47 1C C9 01 7A 5A 80 E0 CF 1A
79 FF 19 92 3E 23 9E 14 3A 02 76 77 0E A9 24 3F 08 21 4F 4A
48 D4 99 0C 19 1D B7 E5 22 27 68 DA 53 FD EC 08 FD C5 35 0F
F1 29 3C 54 67 6E ED 82 59 F5 C9 DD AC 51 E3 15 D5 58 FE 41
47 CD 7D 74 D3 28 D3 B2 26 44 C6 BD 04 7A 6B 28 99 A9 E9 C3
F8 FF 15 74 97 D2 11 27 B2 73 13 36 77 F7 47 9F C3
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Fingerprints :
SHA-256 Fingerprint: FA 06 05 28 C7 73 C1 89 05 06 0E 24 FC 91 41 F3 3B F8 39 C9
07 35 DB D5 59 A3 2F 41 A3 6D E1 0D
SHA-1 Fingerprint: D6 D3 9A E4 08 23 3E 36 8A 19 AE 15 7E 76 8C 5D C6 B2 00 92
MD5 Fingerprint: C8 46 D5 D6 CB 67 5C D9 F6 D4 2F 03 55 FC 00 58
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIIDgt2zgfrjA8wDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIyMDczMTIwMzI1NloXDTMyMDczMTIwMzI1NlowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mV8Ir2dwl/yj6yW/IhoXkFThbahUMkApAnkhoI2icr4bS8aAYVvtJRaqGs150JoKjWQm6kOa5YN7VCx00lpCYxZ8Sk494Tw9dABtlfOCflmw/3qfeADPNfos4ylvYawMjJVH7LjFUZIF4JRQy6vwk2vAgQtDG4tZyMx0IzVESKVO6VQWkbMQ4dZpasrTrJg2oZOWA2YsgdOnL1twx37CRUdgUaxlsOhxG0Q9aRKK9a1IkVCBL3LL7VUp0uByV9UyjygxyI1MZrWYx7ZPvrh0/hL1siNMr6BFbqw4iMWzxIiz/f6dhr6nrL8fAQeR/+WAaijNVe4F93jGyfPSfX0DQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBfoR+uhxfG9CrxyCPiFxis4SFWd2hNBy1GBrYSoJuZqeeKLlAawO738zqypGmXbnwJgQo8JoySX5TdlrvFxOWqmfCmVwczd0gZeklT+HNacvh77bmMjz1yKVFj7IZkUDjUOVsqUMPrWkU8CwJ/Ilr9JpDOz3199J6NppsxRWBGUH7YPxELUFBLNHCp56NJ/1HxuC19KEccyQF6WoDgzxp5/xmSPiOeFDoCdncOqSQ/CCFPSkjUmQwZHbflIido2lP97Aj9xTUP8Sk8VGdu7YJZ9cndrFHjFdVY/kFHzX100yjTsiZExr0Eemsomanpw/j/FXSX0hEnsnMTNnf3R5/D
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.146 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
162.151.118.254
50.206.100.146
Hop Count: 8
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 21:06:37 GMT
Comment :
Secure : 1
Httponly : 0
Port :
|
|
|
|
|
0 |
1 |
1 |
0 |
8 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 16:21:28 2023 |
| End time: |
Wed Oct 25 16:58:35 2023 |
|
|
| IP: |
50.206.100.147 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.087 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:21 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.147 :
192.168.100.162
192.168.100.1
50.206.100.147
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
8 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 16:23:42 2023 |
| End time: |
Wed Oct 25 17:00:48 2023 |
|
|
| IP: |
50.206.100.148 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.283 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:23 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.148 :
192.168.100.162
192.168.100.1
50.206.100.148
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
8 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 16:58:35 2023 |
| End time: |
Wed Oct 25 17:35:42 2023 |
|
|
| IP: |
50.206.100.149 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.859 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 16:58 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.149 :
192.168.100.162
192.168.100.1
50.206.100.149
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
8 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 17:00:48 2023 |
| End time: |
Wed Oct 25 17:37:55 2023 |
|
|
| IP: |
50.206.100.150 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.462 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:01 CDT
Scan duration : 2213 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.206.100.150 :
192.168.100.162
192.168.100.1
50.206.100.150
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
26 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 17:35:42 2023 |
| End time: |
Wed Oct 25 18:12:33 2023 |
|
|
| DNS Name: |
50-246-153-193-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.193 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/443/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : O=Fortinet Ltd./CN=FortiGate
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : firewall
Confidence level : 100
17367 - Fortinet FortiGate Web Console Management Detection
-
A firewall management console is running on the remote host.
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
Filter incoming traffic to this port.
Published: 2005/03/18, Modified: 2023/07/18
tcp/443/www
The following instance of FortiOS Web Interface was detected on the remote host :
Version : >= 5.4
URL : https://50-246-153-193-static.hfc.comcastbusiness.net/
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.193 resolves as 50-246-153-193-static.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Encoding: gzip
Content-Type: text/html
ETag: 89e3321d7f1087cc067df54b0bf85dd6
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Wed, 25 Oct 2023 22:55:06 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Response Body :
...
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 72.453 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:35 CDT
Scan duration : 2201 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML
The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 443 (9 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
50-246-153-193-static.hfc.comcastbusiness.net
The Common Name in the certificate is :
fortigate
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Issuer Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Serial Number: 44 24 A4 22
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jul 31 18:15:29 2022 GMT
Not Valid After: Jul 31 18:15:29 2032 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D4 CD 6F BD 0D 4E 73 6F BE 1A 14 4D EB 5D C1 F0 E9 09 58
AE 54 D6 1F E3 11 5E 1C 0B 55 79 0B 63 41 DB 7C 9B A8 81 5F
58 7F 3F 8D BD 48 56 D5 CE 56 6E 50 8D 99 A4 B8 A5 80 79 8F
7B CD CB 88 68 B7 5E E2 74 4B 7F FC 58 6E C8 F6 14 82 63 01
4B 7A 71 6F 16 85 C6 BB 45 1C 1A D5 90 40 E1 B9 6A 01 18 D4
43 A8 84 78 66 55 EF 36 4E 27 39 6E EC F1 CC 18 23 9F 4D 6B
E8 28 45 A8 7C 90 33 E3 47 9D 31 7F BC 2B 2A 81 69 88 3A 35
13 0C 6F 5C 1B 6D 40 3B 1F 42 F2 13 CD 2B A4 1F AF C5 6E 16
61 E6 F6 DA 3C 4D A7 45 2B 92 3F A8 96 F9 80 95 5A CA 58 AC
05 44 7F 64 48 2C DC F4 44 FC EB A1 F5 8C 48 26 63 15 5E 19
68 5D A3 18 30 18 2E 86 7D 47 F0 B2 A8 DC 0A 6C EC E2 D4 36
03 65 80 43 30 F9 B2 4F A7 3D FF 43 C3 25 D9 CB B0 7C AC F4
09 C2 2B 27 51 4F EB 81 4A E0 5F A0 98 86 3F B8 3B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 C0 1D 52 3F B3 72 F3 88 E9 1A 28 8D 63 CF 28 81 62 31 79
FB 36 94 30 D0 7F 71 B3 5C 51 92 CB 0B D3 6F 87 31 8C AB D5
57 6C 74 6F B6 9E 8D 8D 14 46 48 1D C4 19 F3 8B DC 6B 03 D8
6D FD B0 91 D7 3C 4C 0C 5E 43 DA 30 F7 C4 57 12 54 4E C5 40
A4 A0 33 36 BA 27 15 69 D0 77 8A F0 EF AB D2 77 FF CF 4D 03
FC 74 DA C5 3F 11 43 F4 7A 9D 8C 52 09 15 51 EF 86 D6 06 93
3D 33 91 94 2F A7 A6 C6 04 5F 08 BA C1 A2 82 0F 7D E1 2F 4E
06 75 4D 4C 7E 2D C0 85 5B 8C 56 2F BB 00 39 61 E5 AC 92 94
3A 92 FE B8 53 B7 0B 55 28 65 87 81 C3 E2 6B 3F 03 A4 51 13
44 B5 61 D5 4C AF 1C BB D9 29 9B D2 4B 18 EE 1C 5F 1B 39 7F
8C A1 91 B0 52 94 37 BA 1F A9 DA 03 10 6F 5C 7C A6 CB C1 D5
47 A8 35 7C A6 FE 03 13 92 2D 07 D0 D0 F7 51 53 4A 57 F1 B4
FA C7 34 92 EB 38 76 04 24 24 65 56 E6 98 D1 1F C0
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Fingerprints :
SHA-256 Fingerprint: 9B BB C5 7D 03 D1 91 A8 54 45 16 D7 B5 89 24 F9 D9 2D C3 0B
F3 A3 DF 31 92 43 29 F6 FA 6F 6C 58
SHA-1 Fingerprint: 1C 9C 31 DC 08 4C 01 84 C0 15 A2 77 A4 56 AB 5C 36 74 F5 16
MD5 Fingerprint: 8C C4 D6 A8 1B 3A 80 68 A9 FA 16 D3 2B 28 96 38
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC4zCCAcugAwIBAgIERCSkIjANBgkqhkiG9w0BAQsFADAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwHhcNMjIwNzMxMTgxNTI5WhcNMzIwNzMxMTgxNTI5WjAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUzW+9DU5zb74aFE3rXcHw6QlYrlTWH+MRXhwLVXkLY0HbfJuogV9Yfz+NvUhW1c5WblCNmaS4pYB5j3vNy4hot17idEt//FhuyPYUgmMBS3pxbxaFxrtFHBrVkEDhuWoBGNRDqIR4ZlXvNk4nOW7s8cwYI59Na+goRah8kDPjR50xf7wrKoFpiDo1EwxvXBttQDsfQvITzSukH6/FbhZh5vbaPE2nRSuSP6iW+YCVWspYrAVEf2RILNz0RPzrofWMSCZjFV4ZaF2jGDAYLoZ9R/CyqNwKbOzi1DYDZYBDMPmyT6c9/0PDJdnLsHys9AnCKydRT+uBSuBfoJiGP7g7AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAMAdUj+zcvOI6RoojWPPKIFiMXn7NpQw0H9xs1xRkssL02+HMYyr1VdsdG+2no2NFEZIHcQZ84vcawPYbf2wkdc8TAxeQ9ow98RXElROxUCkoDM2uicVadB3ivDvq9J3/89NA/x02sU/EUP0ep2MUgkVUe+G1gaTPTORlC+npsYEXwi6waKCD33hL04GdU1Mfi3AhVuMVi+7ADlh5aySlDqS/rhTtwtVKGWHgcPiaz8DpFETRLVh1UyvHLvZKZvSSxjuHF8bOX+MoZGwUpQ3uh+p2gMQb1x8psvB1UeoNXym/gMTki0H0ND3UVNKV/G0+sc0kus4dgQkJGVW5pjRH8A=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.193 :
192.168.100.162
192.168.100.1
50.246.153.193
Hop Count: 2
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Tue, 06-Nov-1973 22:57:32 GMT
Comment :
Secure : 1
Httponly : 0
Port :
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 17:37:55 2023 |
| End time: |
Wed Oct 25 18:01:07 2023 |
|
|
| DNS Name: |
50-246-153-194-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.194 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.194 resolves as 50-246-153-194-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.257 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 17:38 CDT
Scan duration : 1379 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.194 :
192.168.100.162
192.168.100.1
50.246.153.194
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 18:01:07 2023 |
| End time: |
Wed Oct 25 18:24:59 2023 |
|
|
| DNS Name: |
50-246-153-195-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.195 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.195 resolves as 50-246-153-195-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.422 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:01 CDT
Scan duration : 1419 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.195 :
192.168.100.162
192.168.100.1
50.246.153.195
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 18:12:33 2023 |
| End time: |
Wed Oct 25 18:36:51 2023 |
|
|
| DNS Name: |
50-246-153-196-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.196 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.196 resolves as 50-246-153-196-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.357 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:12 CDT
Scan duration : 1445 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.196 :
192.168.100.162
192.168.100.1
50.246.153.196
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 18:24:59 2023 |
| End time: |
Wed Oct 25 18:49:11 2023 |
|
|
| DNS Name: |
50-246-153-197-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.197 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.197 resolves as 50-246-153-197-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.736 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:25 CDT
Scan duration : 1439 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.197 :
192.168.100.162
192.168.100.1
50.246.153.197
Hop Count: 2
|
|
|
|
|
0 |
1 |
2 |
0 |
27 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 18:36:51 2023 |
| End time: |
Wed Oct 25 19:15:19 2023 |
|
|
| DNS Name: |
50-246-153-198-static.hfc.comcastbusiness.net |
| IP: |
50.246.153.198 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2001/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2001/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.246.153.198 resolves as 50-246-153-198-static.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2001/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Wed, 25 Oct 2023 23:54:29 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2001/www
Port 2001/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 55.249 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:37 CDT
Scan duration : 2299 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2001/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2001/www
The host name known by Nessus is :
50-246-153-198-static.hfc.comcastbusiness.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2001/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2001/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2001/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2001/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2001/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2001/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2001/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2001/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2001/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2001/www
A TLSv1.2 server answered on this port.
tcp/2001/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2001/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.246.153.198 :
192.168.100.162
192.168.100.1
50.246.153.198
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
26 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 18:49:11 2023 |
| End time: |
Wed Oct 25 19:25:57 2023 |
|
|
| DNS Name: |
50-255-85-97-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.97 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/443/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : O=Fortinet Ltd./CN=FortiGate
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : firewall
Confidence level : 100
17367 - Fortinet FortiGate Web Console Management Detection
-
A firewall management console is running on the remote host.
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
Filter incoming traffic to this port.
Published: 2005/03/18, Modified: 2023/07/18
tcp/443/www
The following instance of FortiOS Web Interface was detected on the remote host :
Version : >= 5.4
URL : https://50-255-85-97-static.hfc.comcastbusiness.net/
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.97 resolves as 50-255-85-97-static.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Encoding: gzip
Content-Type: text/html
ETag: 89e3321d7f1087cc067df54b0bf85dd6
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 00:08:40 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Response Body :
...
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 56.732 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 18:49 CDT
Scan duration : 2196 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML
The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 443 (10 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
50-255-85-97-static.hfc.comcastbusiness.net
The Common Name in the certificate is :
fortigate
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Issuer Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Serial Number: 47 E0 E6 C2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jul 31 21:14:46 2022 GMT
Not Valid After: Jul 31 21:14:46 2032 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D3 27 BE 0D 90 43 55 A8 77 17 B6 E5 C3 47 DD ED 2B BD FF
33 DA 09 82 D1 74 22 4D BA 9B C9 02 3E 63 C3 C3 12 74 40 35
29 C7 12 93 07 51 D1 AF F5 0B 4B A4 AA 14 7B 68 19 49 77 AA
39 2F 8C 53 06 3B E7 2D 38 FC D9 48 31 2A 3E 49 8C 4D 9F C7
6B EA BB 9F AC EC F2 D5 84 E0 F5 7F 97 D7 3B B9 C0 85 A5 E5
EE EB BC FF 39 97 A8 7D 87 18 5A 93 59 9E FD A2 3A 8D 0E A8
13 37 C5 1F F2 AA E4 34 38 12 B7 C0 B9 3C 2F 9D 6E 2A A6 D0
9F 84 22 E1 67 D7 A7 88 CC FC 6C 20 86 75 C4 5F A0 D0 CD EE
99 89 23 95 F8 F4 CD CF 50 DB 8C FA 06 63 DA AE 6B 0C F0 C8
7E CC 18 6C 49 05 00 C7 A5 12 F3 26 BE E0 A6 A9 6A 8A 64 25
26 46 B8 64 F5 53 4A EA 21 CD 69 0B 0C 99 F5 7B 83 86 B3 39
2D B9 89 5F 24 F6 F1 05 D9 24 45 91 62 C4 47 CC 77 EF FB 5A
5C 31 C4 F3 38 7E EF 15 AD 2C 18 AC 74 8B 9F 51 8D
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 81 94 BA 40 14 A9 D6 B6 58 55 AD E1 43 62 9A 36 12 6A 50
E4 FB 15 10 55 D4 6E 12 29 87 12 91 76 8A 83 26 F5 CF 38 EC
04 1C A8 9B 00 B5 12 C4 76 2B 49 E4 6E B0 A3 DB 3C DB 59 83
BD 1A F8 13 B6 9C FD 6E B0 F2 A4 FC CE 8D 82 05 AC 41 5C 57
2F C7 5A E6 9A 00 38 C2 02 A0 9D A6 B8 2E 8D 0F A8 1F 2F 27
2C 04 7B B9 CD 3D 54 E1 59 9A A0 F0 31 80 1E 18 D4 60 A3 45
B4 43 20 D9 96 E2 52 0B 15 D2 62 F1 83 53 F8 07 5E E2 7A B6
F1 02 74 39 B8 90 6E AF 06 BA CB 44 61 3D 92 83 6A 45 34 E8
B6 49 7A 26 39 6B 7D F2 F3 FE 1A C8 E4 54 54 1D 2A F9 A6 DE
F3 ED 89 98 47 D7 47 E1 FC FC B7 1F 58 54 AA E3 A8 30 13 25
1E 67 5C 64 C4 4D A1 93 FF BE 36 0E A6 08 5B 76 33 AE 6B 54
5E B1 B1 E4 76 5C 0C 13 6C 21 93 1B D9 B6 1D 13 5A C0 C0 D0
FF B3 11 69 6A B1 B4 80 5C 94 39 4D EC 06 CF 16 DD
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Fingerprints :
SHA-256 Fingerprint: 94 4C 64 7D AF 71 F7 6C CA 37 E5 91 60 AB BE E6 AB FE AF 46
E5 E9 17 5C 47 EF F4 D3 2B D7 2C 97
SHA-1 Fingerprint: D3 6D 10 72 47 38 93 C0 BE 90 86 DA 9F B4 81 F2 E7 06 F5 00
MD5 Fingerprint: 4A 68 C9 19 CC 29 D2 FE FA CC 90 0B 26 EF FA 97
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC4zCCAcugAwIBAgIER+DmwjANBgkqhkiG9w0BAQsFADAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwHhcNMjIwNzMxMjExNDQ2WhcNMzIwNzMxMjExNDQ2WjAsMRYwFAYDVQQKDA1Gb3J0aW5ldCBMdGQuMRIwEAYDVQQDDAlGb3J0aUdhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTJ74NkENVqHcXtuXDR93tK73/M9oJgtF0Ik26m8kCPmPDwxJ0QDUpxxKTB1HRr/ULS6SqFHtoGUl3qjkvjFMGO+ctOPzZSDEqPkmMTZ/Ha+q7n6zs8tWE4PV/l9c7ucCFpeXu67z/OZeofYcYWpNZnv2iOo0OqBM3xR/yquQ0OBK3wLk8L51uKqbQn4Qi4WfXp4jM/GwghnXEX6DQze6ZiSOV+PTNz1DbjPoGY9quawzwyH7MGGxJBQDHpRLzJr7gpqlqimQlJka4ZPVTSuohzWkLDJn1e4OGszktuYlfJPbxBdkkRZFixEfMd+/7WlwxxPM4fu8VrSwYrHSLn1GNAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAIGUukAUqda2WFWt4UNimjYSalDk+xUQVdRuEimHEpF2ioMm9c847AQcqJsAtRLEditJ5G6wo9s821mDvRr4E7ac/W6w8qT8zo2CBaxBXFcvx1rmmgA4wgKgnaa4Lo0PqB8vJywEe7nNPVThWZqg8DGAHhjUYKNFtEMg2ZbiUgsV0mLxg1P4B17ierbxAnQ5uJBurwa6y0RhPZKDakU06LZJeiY5a33y8/4ayORUVB0q+abe8+2JmEfXR+H8/LcfWFSq46gwEyUeZ1xkxE2hk/++Ng6mCFt2M65rVF6xseR2XAwTbCGTG9m2HRNawMDQ/7MRaWqxtIBclDlN7AbPFt0=
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.97 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.85.203.10
96.108.30.22
96.110.140.106
73.2.206.83
50.255.85.97
Hop Count: 10
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 00:11:09 GMT
Comment :
Secure : 1
Httponly : 0
Port :
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 19:15:19 2023 |
| End time: |
Wed Oct 25 19:38:59 2023 |
|
|
| DNS Name: |
50-255-85-98-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.98 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.98 resolves as 50-255-85-98-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.931 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:15 CDT
Scan duration : 1407 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.98 :
192.168.100.162
192.168.100.1
50.255.85.98
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 19:25:57 2023 |
| End time: |
Wed Oct 25 19:50:18 2023 |
|
|
| DNS Name: |
50-255-85-99-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.99 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.99 resolves as 50-255-85-99-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.745 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:26 CDT
Scan duration : 1448 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.99 :
192.168.100.162
192.168.100.1
50.255.85.99
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 19:38:59 2023 |
| End time: |
Wed Oct 25 20:03:13 2023 |
|
|
| DNS Name: |
50-255-85-100-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.100 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.100 resolves as 50-255-85-100-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.271 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:39 CDT
Scan duration : 1441 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.100 :
192.168.100.162
192.168.100.1
50.255.85.100
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 19:50:18 2023 |
| End time: |
Wed Oct 25 20:14:20 2023 |
|
|
| DNS Name: |
50-255-85-101-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.101 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.101 resolves as 50-255-85-101-static.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.681 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 19:50 CDT
Scan duration : 1429 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.101 :
192.168.100.162
192.168.100.1
50.255.85.101
Hop Count: 2
|
|
|
|
|
0 |
1 |
2 |
0 |
27 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 20:03:13 2023 |
| End time: |
Wed Oct 25 20:41:59 2023 |
|
|
| DNS Name: |
50-255-85-102-static.hfc.comcastbusiness.net |
| IP: |
50.255.85.102 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2001/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2001/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
50.255.85.102 resolves as 50-255-85-102-static.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2001/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 01:20:55 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2001/www
Port 2001/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 77.135 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:03 CDT
Scan duration : 2316 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2001/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2001/www
The host name known by Nessus is :
50-255-85-102-static.hfc.comcastbusiness.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2001/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2001/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2001/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2001/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2001/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2001/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2001/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2001/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2001/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2001/www
A TLSv1.2 server answered on this port.
tcp/2001/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2001/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 50.255.85.102 :
192.168.100.162
192.168.100.1
50.255.85.102
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
32 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 20:14:20 2023 |
| End time: |
Wed Oct 25 20:57:28 2023 |
|
|
| DNS Name: |
64-139-87-41-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.41 |
| OS: |
FortiOS on Fortinet FortiGate |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/443/www
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : O=Fortinet Ltd./CN=FortiGate
|-Issuer : O=Fortinet Ltd./CN=FortiGate
57582 - SSL Self-Signed Certificate
-
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2012/01/17, Modified: 2022/06/14
tcp/443/www
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : O=Fortinet Ltd./CN=FortiGate
45590 - Common Platform Enumeration (CPE)
-
It was possible to enumerate CPE names that matched on the remote system.
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Published: 2010/04/21, Modified: 2023/10/16
tcp/0
The remote operating system matched the following CPE's :
cpe:/o:fortinet:fortios -> Fortinet FortiOS
cpe:/o:fortinet:fortios:>=_5.4 -> Fortinet FortiOS
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : firewall
Confidence level : 100
17367 - Fortinet FortiGate Web Console Management Detection
-
A firewall management console is running on the remote host.
A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port.
Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker may set up a brute-force attack against the remote interface.
Filter incoming traffic to this port.
Published: 2005/03/18, Modified: 2023/07/18
tcp/443/www
The following instance of FortiOS Web Interface was detected on the remote host :
Version : >= 5.4
URL : https://64-139-87-41-Hattiesburg.hfc.comcastbusiness.net/
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.41 resolves as 64-139-87-41-Hattiesburg.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
location: https://64-139-87-41-Hattiesburg.hfc.comcastbusiness.net:443/
Date: Thu, 26 Oct 2023 01:34:08 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Response Body :
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/443/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Encoding: gzip
Content-Type: text/html
ETag: 3d9d521f61a853f8ef09c629fd5d0485
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Date: Thu, 26 Oct 2023 01:34:09 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Response Body :
.‹.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/443/www
Port 443/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 63.618 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:14 CDT
Scan duration : 2578 sec
Scan for malware : no
42823 - Non-compliant Strict Transport Security (STS)
-
The remote web server implements Strict Transport Security incorrectly.
The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.
Published: 2009/11/16, Modified: 2014/09/19
tcp/80/www
The Strict-Transport-Security header must not be sent over an
unencrypted channel.
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : FortiOS on Fortinet FortiGate
Confidence level : 100
Method : HTML
The remote host is running FortiOS on Fortinet FortiGate
31422 - Reverse NAT/Intercepting Proxy Detection
-
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in the way.
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic shaper.
Make sure that this setup is authorized by your security policy
Published: 2008/03/12, Modified: 2022/04/11
tcp/0
+ On the following port(s) :
- 443 (10 hops away)
- 80 (10 hops away)
The operating system was identified as :
Linux Kernel 2.2
Linux Kernel 2.4
Linux Kernel 2.6
+ On the following port(s) :
- 53 (1 hops away)
The operating system was identified as :
Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/443/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/443/www
The host name known by Nessus is :
64-139-87-41-hattiesburg.hfc.comcastbusiness.net
The Common Name in the certificate is :
fortigate
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/443/www
Subject Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Issuer Name:
Organization: Fortinet Ltd.
Common Name: FortiGate
Serial Number: 36 0F 6C B0 48 0B 5C D4
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Feb 24 19:07:21 2022 GMT
Not Valid After: Feb 25 19:07:21 2032 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C1 72 0A 3D 2E 24 30 E5 BA 5A 20 B4 B0 6B D2 E3 8E 45 86
3F 0C CB 66 AB 4A B1 EA 97 75 9E 27 C6 3A 70 7D 76 68 B7 BF
0A C7 34 A0 69 E4 08 3A A7 4A 61 FC E2 DF 39 15 F7 A7 E8 DA
36 CF 78 94 89 56 F4 68 AF B3 DA 07 4A C8 3A 19 F4 DD E3 E2
25 D8 A1 FA 14 84 41 44 55 BD 71 08 7C 93 03 09 5B B0 99 4D
35 BF B4 F3 28 9D 7C 31 45 F7 9E 17 D1 CA B9 86 B6 F7 EB B4
6B 10 C7 54 F1 70 1C 63 0D DF 2D 17 61 6E F7 91 B0 94 3F A6
3B A0 64 21 DC 85 AD 3B 12 90 97 8E F7 5B 18 5B C4 47 23 0F
33 E9 58 95 85 12 E3 35 B8 31 C7 40 0A 15 25 D7 2C 0C BB 2E
DE A6 44 4A 79 98 40 ED 08 4D 53 C9 1E 16 EB 8E 45 63 D8 32
2A 2D 48 68 6B 51 31 EE 62 C4 6B CA 61 CA FF 20 E3 DD 01 F7
1C 7C F6 B2 1B 6C F3 5F E1 1D D6 A3 8F 11 17 E1 66 1E 36 96
4F F3 1C F6 82 5D 25 64 4A F3 B1 74 D3 4A 7A 4B 61
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 3A 42 C2 A3 30 83 9C 57 64 2C DD 47 7F DB 8A 97 97 2F 7C
CA 87 34 37 64 BD 9D 5E 3D 31 03 27 7F AE 38 D2 E3 5A 84 C7
BB F2 72 A0 1A 2F 22 D0 63 20 3D 02 99 46 37 A7 11 EE 7C C2
E0 EF C8 81 D6 7E 2C 14 B0 7A 7B E7 30 CB 28 36 E7 B0 24 F5
02 18 D2 D8 BB E6 57 14 DB 6C 43 96 37 95 E3 FD 9C A7 5F DC
C1 D4 9D 97 30 09 B8 36 C3 CA D2 88 53 58 41 48 8C D7 D9 C1
CA 33 10 E4 E5 05 6B 2A 6D 85 C5 9D 05 E7 8F DA 35 41 83 58
BA 08 1F 04 7F 5B 1D A3 63 17 63 6B 23 F7 6F 56 A0 66 13 21
A5 AA 44 0B E9 D2 36 50 8D 7E BB 24 EA D3 4E 4E ED 6A E9 B6
53 38 4F 57 C6 0B 8F 08 D4 93 35 CB A3 11 26 17 D7 C6 01 A5
5F DA EE 83 54 E4 1F 46 8F F0 C9 FC 5A 8A C3 5F CC B7 13 C5
9A 8A 34 0F BE E0 BB 77 AB 02 98 02 40 BB 7E 22 35 10 E6 AF
21 0E 58 E0 D5 CF C8 E4 A0 3C 54 34 95 AD 69 8E 51
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Fingerprints :
SHA-256 Fingerprint: 16 BF 4F 98 C2 AD B1 0C 39 A1 33 80 66 D0 1F 32 61 C5 22 89
C2 92 D2 B2 A7 A7 AA 4B 1C 95 66 D6
SHA-1 Fingerprint: 83 E7 18 1A 3E D0 93 ED 7D 80 38 59 DE 81 D5 E7 B6 C8 1B 1F
MD5 Fingerprint: EB 5D D5 84 A3 80 2E 79 30 F3 8B 8B 1D 41 F7 88
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIINg9ssEgLXNQwDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIyMDIyNDE5MDcyMVoXDTMyMDIyNTE5MDcyMVowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXIKPS4kMOW6WiC0sGvS445Fhj8My2arSrHql3WeJ8Y6cH12aLe/Csc0oGnkCDqnSmH84t85Ffen6No2z3iUiVb0aK+z2gdKyDoZ9N3j4iXYofoUhEFEVb1xCHyTAwlbsJlNNb+08yidfDFF954X0cq5hrb367RrEMdU8XAcYw3fLRdhbveRsJQ/pjugZCHcha07EpCXjvdbGFvERyMPM+lYlYUS4zW4McdAChUl1ywMuy7epkRKeZhA7QhNU8keFuuORWPYMiotSGhrUTHuYsRrymHK/yDj3QH3HHz2shts81/hHdajjxEX4WYeNpZP8xz2gl0lZErzsXTTSnpLYQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA6QsKjMIOcV2Qs3Ud/24qXly98yoc0N2S9nV49MQMnf6440uNahMe78nKgGi8i0GMgPQKZRjenEe58wuDvyIHWfiwUsHp75zDLKDbnsCT1AhjS2LvmVxTbbEOWN5Xj/ZynX9zB1J2XMAm4NsPK0ohTWEFIjNfZwcozEOTlBWsqbYXFnQXnj9o1QYNYuggfBH9bHaNjF2NrI/dvVqBmEyGlqkQL6dI2UI1+uyTq005O7WrptlM4T1fGC48I1JM1y6MRJhfXxgGlX9rug1TkH0aP8Mn8WorDX8y3E8WaijQPvuC7d6sCmAJAu34iNRDmryEOWODVz8jkoDxUNJWtaY5R
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/443/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/443/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/80/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
42822 - Strict Transport Security (STS) Detection
-
The remote web server implements Strict Transport Security.
The remote web server implements Strict Transport Security (STS).
The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser.
All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to close the connection in the event of potentially insecure situations.
Published: 2009/11/16, Modified: 2019/11/22
tcp/443/www
The STS header line is :
Strict-Transport-Security: max-age=15552000
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.41 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
68.86.241.106
96.110.133.118
75.64.4.148
64.139.87.41
Hop Count: 10
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/80/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
100669 - Web Application Cookies Are Expired
-
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Published: 2017/06/07, Modified: 2021/12/20
tcp/443/www
The following cookies are expired :
Name : session_key_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : ccsrftoken_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : APSCOOKIE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : AUTOSCALE_CONFIG_REC_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
Name : CENTRAL_MGMT_OVERRIDE_443
Path : /
Value : "0%260"
Domain :
Version : 1
Expires : Wed, 07-Nov-1973 01:36:59 GMT
Comment :
Secure : 1
Httponly : 0
Port :
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 20:41:59 2023 |
| End time: |
Wed Oct 25 21:19:24 2023 |
|
|
| DNS Name: |
64-139-87-42-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.42 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.42 resolves as 64-139-87-42-Hattiesburg.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.017 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:42 CDT
Scan duration : 2231 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.42 :
192.168.100.162
192.168.100.1
64.139.87.42
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 20:57:28 2023 |
| End time: |
Wed Oct 25 21:34:33 2023 |
|
|
| DNS Name: |
64-139-87-43-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.43 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.43 resolves as 64-139-87-43-Hattiesburg.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 2.765 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 20:57 CDT
Scan duration : 2212 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.43 :
192.168.100.162
192.168.100.1
64.139.87.43
Hop Count: 2
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 21:19:24 2023 |
| End time: |
Wed Oct 25 21:42:27 2023 |
|
|
| DNS Name: |
64-139-87-44-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.44 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.44 resolves as 64-139-87-44-Hattiesburg.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 4.504 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:19 CDT
Scan duration : 1370 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.44 :
192.168.100.162
192.168.100.1
64.139.87.44
Hop Count: 2
|
|
|
|
|
0 |
1 |
3 |
0 |
45 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 21:34:33 2023 |
| End time: |
Wed Oct 25 22:21:43 2023 |
|
|
| DNS Name: |
64-139-87-45-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.45 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2001/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
51192 - SSL Certificate Cannot Be Trusted
-
The SSL certificate for this service cannot be trusted.
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Purchase or generate a proper SSL certificate for this service.
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 2010/12/15, Modified: 2020/04/27
tcp/2002/www
The following certificate was part of the certificate chain
sent by the remote host, but it has expired :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Not After : Sep 30 14:01:15 2021 GMT
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2001/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
84502 - HSTS Missing From HTTPS Server
-
The remote web server is not enforcing HSTS.
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Configure the remote web server to use HSTS.
Published: 2015/07/02, Modified: 2021/05/19
tcp/2002/www
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.45 resolves as 64-139-87-45-Hattiesburg.hfc.comcastbusiness.net.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2001/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 02:57:26 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
24260 - HyperText Transfer Protocol (HTTP) Information
-
Some information about the remote HTTP configuration can be extracted.
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Published: 2007/01/30, Modified: 2019/11/22
tcp/2002/www
Response Code : HTTP/1.1 401 Unauthorized
Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Home Server"
X-Content-Type-Options: nosniff
Date: Thu, 26 Oct 2023 02:57:26 GMT
Content-Length: 21
Connection: close
Response Body :
authorization failed
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/555
Port 555/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/556
Port 556/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2001/www
Port 2001/tcp was found to be open
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/2002/www
Port 2002/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 3.077 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:34 CDT
Scan duration : 2816 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2001/www
This port supports TLSv1.3/TLSv1.2.
56984 - SSL / TLS Versions Supported
-
The remote service encrypts communications.
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Published: 2011/12/01, Modified: 2023/07/10
tcp/2002/www
This port supports TLSv1.3/TLSv1.2.
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2001/www
The host name known by Nessus is :
64-139-87-45-hattiesburg.hfc.comcastbusiness.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
45410 - SSL Certificate 'commonName' Mismatch
-
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Published: 2010/04/03, Modified: 2021/03/09
tcp/2002/www
The host name known by Nessus is :
64-139-87-45-hattiesburg.hfc.comcastbusiness.net
The Common Name in the certificate is :
*.l.home.camect.com
The Subject Alternate Name in the certificate is :
*.l.home.camect.com
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2001/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Renew any soon to expire SSL certificates.
Published: 2015/05/08, Modified: 2015/05/08
tcp/2002/www
The following soon to expire certificate was part of the certificate
chain sent by the remote host :
|-Subject : CN=*.l.home.camect.com
|-Not After : Dec 08 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2001/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
42981 - SSL Certificate Expiry - Future Expiry
-
The SSL certificate associated with the remote service will expire soon.
The SSL certificate associated with the remote service will expire soon.
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Published: 2009/12/02, Modified: 2020/09/04
tcp/2002/www
The SSL certificate will expire within 60 days, at
Dec 8 18:20:14 2023 GMT :
Subject : CN=*.l.home.camect.com
Issuer : C=US, O=Let's Encrypt, CN=R3
Not valid before : Sep 9 18:20:15 2023 GMT
Not valid after : Dec 8 18:20:14 2023 GMT
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2001/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
10863 - SSL Certificate Information
-
This plugin displays the SSL certificate.
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Published: 2008/05/19, Modified: 2021/02/03
tcp/2002/www
Subject Name:
Common Name: *.l.home.camect.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 03 FA 81 8F E8 C8 CA D1 36 08 E1 9D 2B 51 51 AE 25 F2
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Sep 09 18:20:15 2023 GMT
Not Valid After: Dec 08 18:20:14 2023 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 D7 C4 E6 E1 2D 06 AD 36 A8 7C 91 20 89 93 5C 49 34 2C 1E
56 47 18 C0 69 7D 94 F3 09 58 36 3D 6E 9D 08 95 B0 5C 3B 2B
E3 94 8A E2 FB FB 3F 28 F1 79 FE 9D D1 46 CA C0 84 8D F3 CA
66 E5 CF 15 87 26 DB 02 EC B8 42 2F 2D 26 6C 3D 5A EE 2D 21
79 FE 9D E7 4B 13 FA AD 04 DC 56 99 C3 6D 68 B2 BB B3 9E 03
08 2A 30 7D 8D B9 B5 15 0F 3D A6 9F 4F 58 D3 9F 68 A1 FC 9F
0D B9 27 34 6A 2C 6F 4D 88 C1 E9 83 C0 DF A1 02 18 85 36 1B
7E 63 53 3F 9C 69 0B BF CD DA 7C E8 60 E2 A8 00 C7 87 A9 BF
37 AE 2D 72 37 6F 88 F7 9C 85 8E 90 A8 72 80 4B 37 6B AC CC
76 73 77 D7 95 8A 2D 80 E2 FF 95 21 53 2D B6 B7 C0 76 63 72
99 47 C7 4F C6 3A CB 11 1D 0E 68 75 5C 55 F4 28 71 07 1F 30
52 A3 3E A2 5F 04 6E 8E C0 9C DD EA 67 74 71 C8 11 BF 7C 45
B5 F4 0B FA D2 B4 D1 FD CA B8 AC FD F6 DB AF 25 7B
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 24 45 BB B8 26 BD 18 EE 38 60 00 4C 16 AA C3 3E 0A 5E 11
04 66 A5 96 58 F4 5D D7 56 52 97 21 DF C1 EC EE 42 F6 23 3B
21 3F 86 3A 88 37 A2 D1 56 B3 0D D3 A9 B9 01 76 67 1F FD D2
FE 6E 9A 41 61 15 52 35 53 6F B7 14 D3 B4 17 CB 84 A9 3A 08
BA A2 36 41 45 68 32 26 FA 4C 7F F2 2E 19 7C FB 96 E5 71 DE
27 3D F5 A1 BA FF DB F1 3C 1F 7C 45 C9 0B FD 94 B1 31 52 56
EA AF 3D 70 A7 BC 36 F9 C1 6D 74 CC 4E 19 25 14 44 9B 96 64
91 64 BE 20 70 D8 FD 9D 84 A0 22 4B 23 28 E3 96 C8 61 3B 29
3E 7F 31 AF 6C 87 58 BF 06 2D F0 90 C2 EA E3 23 6E 80 2C 0C
0B 6A CA CC BB 7A 00 05 77 94 0B 8B D3 B3 7D E1 51 A4 50 E3
C3 98 4E 2E DF 14 39 52 65 47 60 36 5F 61 4D 0B 35 54 1F EE
C6 14 25 A4 F4 A6 8E 47 64 E9 C6 25 0E BC E1 5F E8 77 58 06
5B 47 96 C1 DF 85 54 A2 D1 F4 51 11 DA 9B 60 BC 06
Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment
Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Extension: Basic Constraints (2.5.29.19)
Critical: 1
Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 43 25 E7 01 3C 3B 60 EF 0A A3 61 19 A8 8A BC 46 BB 69 E3 7E
Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6
Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Online Certificate Status Protocol
URI: http://r3.o.lencr.org
Method#2: Certificate Authority Issuers
URI: http://r3.i.lencr.org/
Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: *.l.home.camect.com
Extension: Policies (2.5.29.32)
Critical: 0
Policy ID #1: 2.23.140.1.2.1
Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 81 F2 00 F0 00 76 00 B7 3E FB 24 DF 9C 4D BA 75 F2 39 C5
BA 58 F4 6C 5D FC 42 CF 7A 9F 35 C4 9E 1D 09 81 25 ED B4 99
00 00 01 8A 7B 63 3A 6B 00 00 04 03 00 47 30 45 02 20 4F F0
5C 3C 99 B9 EB 3F 6D B1 B8 2A 46 E0 D8 8E 39 48 4E 58 E5 5B
FE 3D 95 9E 2D FA 5B BD D9 3D 02 21 00 86 8F EC 1E 51 A3 E1
E2 14 22 B3 17 0F B0 97 F8 12 47 0F 3A 4D B3 63 AE 26 8C 9A
21 92 80 96 EC 00 76 00 AD F7 BE FA 7C FF 10 C8 8B 9D 3D 9C
1E 3E 18 6A B4 67 29 5D CF B1 0C 24 CA 85 86 34 EB DC 82 8A
00 00 01 8A 7B 63 3A AD 00 00 04 03 00 47 30 45 02 21 00 8A
ED 11 DD 2C 0C 57 72 12 EE 25 83 A0 91 27 D0 EB 3C 3B 40 C7
CB DB E8 C5 85 5B 00 EA F0 37 F8 02 20 29 33 59 23 64 AD 65
AE 42 82 62 1B 8B EA D0 19 20 1F 11 80 58 1E 41 B7 DB 14 D6
B8 BE B8 E5 73
Fingerprints :
SHA-256 Fingerprint: 3F 87 A4 83 6D 32 DC DE 19 1B 0C 98 3A 73 D0 AB B2 31 AF 45
B5 D1 E8 F7 3B 4E E9 6C 3E E8 53 F1
SHA-1 Fingerprint: D6 2F 65 F7 BC AA 71 08 29 6F 81 FA A7 91 8B C8 97 1A 28 91
MD5 Fingerprint: A0 88 4A 16 FD 60 FB E9 92 03 E9 9C 28 14 F5 4E
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgISA/qBj+jIytE2COGdK1FRriXyMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzA5MDkxODIwMTVaFw0yMzEyMDgxODIwMTRaMB4xHDAaBgNVBAMMEyoubC5ob21lLmNhbWVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXxObhLQatNqh8kSCJk1xJNCweVkcYwGl9lPMJWDY9bp0IlbBcOyvjlIri+/s/KPF5/p3RRsrAhI3zymblzxWHJtsC7LhCLy0mbD1a7i0hef6d50sT+q0E3FaZw21osruzngMIKjB9jbm1FQ89pp9PWNOfaKH8nw25JzRqLG9NiMHpg8DfoQIYhTYbfmNTP5xpC7/N2nzoYOKoAMeHqb83ri1yN2+I95yFjpCocoBLN2uszHZzd9eVii2A4v+VIVMttrfAdmNymUfHT8Y6yxEdDmh1XFX0KHEHHzBSoz6iXwRujsCc3epndHHIEb98RbX0C/rStNH9yris/fbbryV7AgMBAAGjggIVMIICETAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEMl5wE8O2DvCqNhGaiKvEa7aeN+MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEyoubC5ob21lLmNhbWVjdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp7YzprAAAEAwBHMEUCIE/wXDyZues/bbG4Kkbg2I45SE5Y5Vv+PZWeLfpbvdk9AiEAho/sHlGj4eIUIrMXD7CX+BJHDzpNs2OuJoyaIZKAluwAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYp7YzqtAAAEAwBHMEUCIQCK7RHdLAxXchLuJYOgkSfQ6zw7QMfL2+jFhVsA6vA3+AIgKTNZI2StZa5CgmIbi+rQGSAfEYBYHkG32xTWuL645XMwDQYJKoZIhvcNAQELBQADggEBACRFu7gmvRjuOGAATBaqwz4KXhEEZqWWWPRd11ZSlyHfwezuQvYjOyE/hjqIN6LRVrMN06m5AXZnH/3S/m6aQWEVUjVTb7cU07QXy4SpOgi6ojZBRWgyJvpMf/IuGXz7luVx3ic99aG6/9vxPB98RckL/ZSxMVJW6q89cKe8NvnBbXTMThklFESblmSRZL4gcNj9nYSgIksjKOOWyGE7KT5/Ma9sh1i/Bi3wkMLq4yNugCwMC2rKzLt6AAV3lAuL07N94VGkUOPDmE4u3xQ5UmVHYDZfYU0LNVQf7sYUJaT0po5HZOnGJQ684V/od1gGW0eWwd+FVKLR9FER2ptgvAY=
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2001/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
95631 - SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
-
A known CA SSL certificate in the certificate chain has been signed using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can exploit this to generate another certificate with the same digital signature, allowing the attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that this plugin will only fire on root certificates that are known certificate authorities as listed in Tenable Community Knowledge Article 000001752. That is what differentiates this plugin from plugin 35291, which will fire on any certificate, not just known certificate authority root certificates.
Known certificate authority root certificates are inherently trusted and so any potential issues with the signature, including it being signed using a weak hashing algorithm, are not considered security issues.
Contact the Certificate Authority to have the certificate reissued.
Published: 2016/12/08, Modified: 2022/10/12
tcp/2002/www
The following known CA certificates were part of the certificate
chain sent by the remote host, but contain hashes that are considered
to be weak.
Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 30 21:12:19 2000 GMT
Valid To : Sep 30 14:01:15 2021 GMT
Raw PEM certificate :
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2001/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Published: 2013/10/22, Modified: 2021/02/03
tcp/2002/www
Here is the list of SSL CBC ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2001/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
The remote service encrypts communications using SSL.
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Published: 2006/06/05, Modified: 2023/07/10
tcp/2002/www
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS_AES_128_GCM_SHA256 0x13, 0x01 - - AES-GCM(128) AEAD
TLS_AES_256_GCM_SHA384 0x13, 0x02 - - AES-GCM(256) AEAD
TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03 - - ChaCha20-Poly1305(256) AEAD
SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2001/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Published: 2011/12/07, Modified: 2021/03/09
tcp/2002/www
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2001/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
94761 - SSL Root Certification Authority Certificate Information
-
A root Certification Authority certificate was found at the top of the certificate chain.
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Published: 2016/11/14, Modified: 2018/11/15
tcp/2002/www
The following root Certification Authority certificate was found :
|-Subject : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
|-Valid From : Sep 30 21:12:19 2000 GMT
|-Valid To : Sep 30 14:01:15 2021 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2001/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
The remote host advertises discouraged SSL/TLS ciphers.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
Only enable support for recommened cipher suites.
Published: 2022/01/20, Modified: 2023/07/10
tcp/2002/www
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2001/www
A TLSv1.2 server answered on this port.
tcp/2001/www
A web server is running on this port through TLSv1.2.
22964 - Service Detection
-
The remote service could be identified.
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Published: 2007/08/19, Modified: 2023/07/10
tcp/2002/www
A TLSv1.2 server answered on this port.
tcp/2002/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2001/www
TLSv1.2 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
The remote service encrypts traffic using a version of TLS.
The remote service accepts connections encrypted using TLS 1.2.
Published: 2020/05/04, Modified: 2020/05/04
tcp/2002/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.45 :
192.168.100.162
192.168.100.1
50.76.212.110
96.120.32.125
68.86.112.225
162.151.119.141
68.86.240.134
68.86.241.106
96.110.133.118
75.64.4.148
64.139.87.45
Hop Count: 10
|
|
|
|
|
0 |
1 |
1 |
0 |
9 |
Critical |
High |
Medium |
Low |
Info |
|
|
| Start time: |
Wed Oct 25 21:42:27 2023 |
| End time: |
Wed Oct 25 22:19:50 2023 |
|
|
| DNS Name: |
64-139-87-46-Hattiesburg.hfc.comcastbusiness.net |
| IP: |
64.139.87.46 |
| OS: |
Nutanix |
35450 - DNS Server Spoofed Request Amplification DDoS
-
The remote DNS server could be used in a distributed denial of service attack.
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2009/01/22, Modified: 2020/08/21
udp/53/dns
The DNS query was 17 bytes long, the answer is 492 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
-
The remote name server allows recursive queries to be performed by the host running nessusd.
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
Published: 2000/10/27, Modified: 2018/06/27
udp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
tcp/53/dns
11002 - DNS Server Detection
-
A DNS server is listening on the remote host.
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Published: 2003/02/13, Modified: 2017/05/16
udp/53/dns
It is possible to guess the remote device type.
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Published: 2011/05/23, Modified: 2022/09/09
tcp/0
Remote device type : general-purpose
Confidence level : 70
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
It was possible to resolve the name of the remote host.
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Published: 2004/02/11, Modified: 2017/04/14
tcp/0
64.139.87.46 resolves as 64-139-87-46-Hattiesburg.hfc.comcastbusiness.net.
11219 - Nessus SYN scanner
-
It is possible to determine which TCP ports are open.
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Protect your target with an IP filter.
Published: 2009/02/04, Modified: 2023/09/25
tcp/53/dns
Port 53/tcp was found to be open
19506 - Nessus Scan Information
-
This plugin displays information about the Nessus scan.
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Published: 2005/08/26, Modified: 2023/07/31
tcp/0
Information about this scan :
Nessus version : 10.6.1
Nessus build : 20021
Plugin feed version : 202310251212
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : ubuntu1404-x86-64
Scan type : Normal
Scan name : ExternalScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.100.162
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 59.743 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 15
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2023/10/25 21:42 CDT
Scan duration : 2234 sec
Scan for malware : no
11936 - OS Identification
-
It is possible to guess the remote operating system.
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Published: 2003/12/09, Modified: 2022/03/09
tcp/0
Remote operating system : Nutanix
Confidence level : 70
Method : SinFP
The remote host is running Nutanix
25220 - TCP/IP Timestamps Supported
-
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Published: 2007/05/16, Modified: 2023/10/17
tcp/0
10287 - Traceroute Information
-
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Published: 1999/11/27, Modified: 2023/06/26
udp/0
For your information, here is the traceroute from 192.168.100.162 to 64.139.87.46 :
192.168.100.162
192.168.100.1
64.139.87.46
Hop Count: 2